This search shows the problem.

| stats count | eval ips="2001:54FF:0000:ffff:ffff:ffff:ffff:ffff,2002:54FF:0000:ffff:ffff:ffff:ffff:ffff,2003:54FF:0000:ffff:ffff:ffff:ffff:ffff" | rex field=ips "(?P[^,]+)" max_match=0 | mvexpand ip | table ip | search ip=2001:54FF::/48

Splunk currently does not support ipv6 CIDR searching.

BUT, because you are searching for a /48, these both work:

| stats count | eval ips="2001:54FF:0000:ffff:ffff:ffff:ffff:ffff,2002:54FF:0000:ffff:ffff:ffff:ffff:ffff,2003:54FF:0000:ffff:ffff:ffff:ffff:ffff" | rex field=ips "(?P[^,]+)" max_match=0 | mvexpand ip | table ip | search ip=2001:54FF:*

| stats count | eval ips="2001:54ff:0000:ffff:ffff:ffff:ffff:ffff,2002:54FF:0000:ffff:ffff:ffff:ffff:ffff,2003:54FF:0000:ffff:ffff:ffff:ffff:ffff" | rex field=ips "(?P[^,]+)" max_match=0 | mvexpand ip | table ip | search ip=2001:54FF:*

As you can see, the capitalization does not matter.