cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
bald_balrog
New Member
Member since: ‎05-31-2023
‎05-31-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-31-2023
Activity Feed
View All

How to calculate subnet from list of IP addresses?

by in Splunk Search
‎05-31-2023 05:47 AM
‎05-31-2023 05:47 AM
I'm trying to come up with a way to output to a lookup file a list of calculated network addresses given a list of IP addresses. By using a destination MAC address and a source IP, I'm able to group together a list of IPs that are using the same gateway with the following: `index=zeek sourcetype=zeek_conn | stats values(src) by resp_l2_addr` But from here, I need to take those src values and have Splunk give me the smallest subnet that covers that range of addresses. For example, if I have 10.0.0.5 and 10.0.1.5 in the same list, I would need the query to say, based on these two addresses, there is a 10.0.0.0/23 network. I feel this is more of a machine learning type of problem, but wanted to see if anyone has come up with something similar that could solve this. Thanks! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-31-2023 02:31 PM