Hello,
I am running a search that is returning IP addresses that are being sent to a waf (web access firewall). The waf requires all IP addresses to be written in CIDR notation. I am just returning single IPs ,so I have to add a /32 to each address that I submit.
I am using the stats command, looking at different parameters and them counting by IP to provide the list I am submitting. It seems like it should be straight forward using concatenation, but I haven't been able to get to a solution.
eval cidr_address=remoteIP + "/32" and varieties of this approach(casting to string etc) haven't worked.
Appreciate any help anyone can provide.
I couldn't get "cird_address=remoteIP ."/32"" to work in my search. I created a more simple search and it worked fine. Your suggestion was correct. I need to do more work on my search.
Thanks for your help!
Peter
Have you tried using the other concatenation operator - dot vs plus?
Yes I tried the .(dot)
| eval cird_address=remoteIP ./32
Error in 'EvalCommand': The expression is malformed. An unexpected character is reached at '/32'.
| eval cird_address=remoteIP ."/32"
This one does NOT show an error, but i get no results. Maybe there is something farther down in the search that's not correct.
I check that and respond again.
Thanks for your sugestion
I couldn't get "cird_address=remoteIP ."/32"" to work in my search. I created a more simple search and it worked fine. Your suggestion was correct. I need to do more work on my search.
Thanks for your help!
Peter
You should accept ptrsnks answer not your reply.