index=DEVICE |dedup srcip |...
will eliminate duplicate IPs.
As to searching for a big list of addresses, you want to look into "lookup" tables or "input CSV" files. By the way, you can use CIDR blocks in the search, lookup file or input CSV file.
You can create an input CSV file by putting a file in the:
$SPLUNK_HOME/var/run/splunk/
folder and calling it something like myips.csv.
The first line of the file should be srcip and each line after that can be an IP address. Then you can limit your search as follows:
index=DEVICE [|inputcsv "myips.csv"] | dedup srcip | table srcip
This will give you a list of the srcip entries that matched those in the file and only print one of each. You can do something in reverse to find those that are missing from your file:
|inputcsv "myips.csv" NOT [index=DEVICE |dedup srcip|fields srcip]
This last search will work for a small time range, but the subsearch may time out on longer ones. A more complete solution to that is a bit more involved, but can be done.
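The two searches in the answer above are set operations on source IPs: "which distinct srcip values fall inside an entry of my list" and "which list entries were never seen". The following Python script is an added, offline illustration of that logic and is not Splunk code or anything from the answer's author. It uses constructed sample events standing in for index=DEVICE and a constructed stand-in for myips.csv (header srcip, then single addresses or CIDR blocks), and treats every list entry as a network so that a bare address and a CIDR block are tested the same way.

```python
import csv
import io
import ipaddress
import re

# Constructed sample events standing in for index=DEVICE (not real log data);
# the only field the searches in the answer care about is srcip.
SAMPLE_EVENTS = """\
2024-05-01T10:00:01Z host=fw1 srcip=10.1.2.3 action=allow
2024-05-01T10:00:02Z host=fw1 srcip=192.168.5.9 action=deny
2024-05-01T10:00:03Z host=fw2 srcip=10.1.2.3 action=allow
2024-05-01T10:00:04Z host=fw2 srcip=203.0.113.7 action=allow
2024-05-01T10:00:05Z host=fw1 srcip=198.51.100.22 action=deny
"""

# Constructed stand-in for myips.csv: a header row "srcip", then one address
# or CIDR block per line, as the answer describes.
SAMPLE_CSV = """\
srcip
10.1.2.3
192.168.0.0/16
198.51.100.0/24
172.16.0.5
"""

SRCIP_RE = re.compile(r"\bsrcip=(\S+)")


def dedup_srcip(events):
    """Equivalent of `| dedup srcip`: unique srcip values in first-seen order."""
    seen = []
    for line in events.splitlines():
        m = SRCIP_RE.search(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


def load_ip_list(csv_text):
    """Read the srcip column of the CSV. Each entry is kept as (original text,
    network); a bare address becomes a /32 (or /128) so membership tests work
    the same way for single IPs and CIDR blocks. Unparseable rows are skipped
    instead of aborting the whole run."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        text = (row.get("srcip") or "").strip()
        try:
            entries.append((text, ipaddress.ip_network(text, strict=False)))
        except ValueError:
            continue
    return entries


def parse_addrs(ips):
    """Turn srcip strings into address objects, dropping anything malformed."""
    addrs = []
    for ip in ips:
        try:
            addrs.append(ipaddress.ip_address(ip))
        except ValueError:
            continue
    return addrs


def matching_sources(events, csv_text):
    """Offline equivalent of
    index=DEVICE [|inputcsv "myips.csv"] | dedup srcip | table srcip
    returns the distinct srcip values that fall inside any list entry."""
    entries = load_ip_list(csv_text)
    matched = []
    for ip in dedup_srcip(events):
        for addr in parse_addrs([ip]):
            if any(addr in net for _, net in entries):
                matched.append(ip)
    return matched


def unseen_list_entries(events, csv_text):
    """Offline equivalent of
    |inputcsv "myips.csv" NOT [index=DEVICE |dedup srcip|fields srcip]
    returns the list entries (as written in the file) that no event matched."""
    addrs = parse_addrs(dedup_srcip(events))
    return [text for text, net in load_ip_list(csv_text)
            if not any(addr in net for addr in addrs)]


if __name__ == "__main__":
    print("matched:", matching_sources(SAMPLE_EVENTS, SAMPLE_CSV))
    print("never seen:", unseen_list_entries(SAMPLE_EVENTS, SAMPLE_CSV))
```

Two caveats when carrying this back into Splunk: the script walks every event in memory, so it has no equivalent of the subsearch result and time limits that make the reverse search in the answer unreliable over long ranges; and CIDR entries only match as blocks where Splunk is told to treat them that way (a lookup definition needs match_type set to CIDR on the field), so verify that behaviour on your own version before relying on it.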