Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

search cidr without using "src_ip OR dest_ip"?

jpreis
New Member
‎03-25-2019 12:52 PM

Is there a way to search a cidr notation without using "src_ip OR dest_ip"?
I have a bunch of ips i want to search for and would like to search for a bunch of them at once.

Tags (2)
0 Karma
Reply

mydog8it
Builder
‎03-25-2019 04:01 PM

If you don't use a field name the search command will interpret the CIDR as a string, it will not make a match. You must use a field name in the search, like src_ip or dest_ip.

0 Karma
Reply
Get Updates on the Splunk Community!

Changes to Splunk Instructor-Led Training Completion Criteria

We’re excited to share an update to our instructor-led training program that enhances the learning experience ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

❄️ Welcome the new year with our January lineup of Community Office Hours, Tech Talks, and Webinars! 🎉 ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...