×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
imst27
Loves-to-Learn
Member since: ‎09-22-2025
3 weeks ago
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-22-2025
View All

Re: How to exclude traffic with src_ip or dest_ip ...

by in Splunk Search
‎09-22-2025 11:36 PM
‎09-22-2025 11:36 PM
@imst27  Yes the lookup approach is much better. Its better to simplify giant cidrmatch() block into two clean lookup calls, one for src_ip and one for dest_ip. Eg: | lookup backup_subnets subnet as src_ip OUTPUT comment as src_match | lookup backup_subnets subnet as dest_ip OUTPUT comment as dest_match | where isnull(src_match) AND isnull(dest_match) | table _time src_ip dest_ip src_match dest_match Regards, Prewin If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
3 weeks ago