Ladies and Gentlemen,
I am have been trying for the better part of a week to get my lookup tables with CIDR and wildcards to work but I am having zero success.

My PROPS.CONF for both search is:
CIDR
[sourcetype]
LOOKUP_needip = CIDR neededip AS IP

wildcard_IP
[sourcetype]
LOOKUP-wildcardip = Mass_IP wildcardip OUTPUT wildcard_site

TRANSFORMS.CONF:

[CIDR]
filename = CIDR.csv
match_type = CIDR(neededip)

wildcardIP

[wildcard_IP]
filename = wildcard_IP.csv
DELIMS = " "
match_type = WILDCARD(wildcardip)

I am using a simple lookup at the beginning of the search ie:

sourcetype=foo host=bar [| inputlookup wildcard_IP.csv]

Are my props and transforms correct? I am at a loss.

Thanks for any help,
Ernie