I am trying to match IP addresses in the block of addresses 10.120.1.0 through 10.120.13.255. This range spans several CIDR ranges:
10.120.1.0/24 + 10.120.2.0/23 + 10.120.4.0/22 + 10.120.8.0/22 + 10.122.12.0/23. Is there a way to search without using eval cidrmatch?
You could use a regex command to check if the ip matches the pattern and filter for these events:
| regex ip="^10\.120\.(?:[1-9]|1[0-3])\.\d{1,3}$"
Alternatively, you can just use cidrmatch with the case command.
| eval match=case(
cidrmatch("10.120.1.0/24" ,ip) ,"1",
cidrmatch("10.120.2.0/23" ,ip) ,"1",
cidrmatch("10.120.4.0/22" ,ip) ,"1",
cidrmatch("10.120.8.0/22" ,ip) ,"1",
cidrmatch("10.120.12.0/23",ip),"1",
1=1,"0")
HTH,
Raschko
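Added example, not part of the original answer: a Python check that derives the CIDR blocks for 10.120.1.0 through 10.120.13.255 and compares a regex filter against CIDR membership for every address in 10.120.0.0/16. The function names and the two sample patterns are assumptions for illustration, and Splunk's regex command is modelled here as an unanchored `re.search`.

```python
import ipaddress
import re

FIRST = ipaddress.IPv4Address("10.120.1.0")
LAST = ipaddress.IPv4Address("10.120.13.255")


def cidrs_for_range(first, last):
    """Minimal list of CIDR blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(first, last))


def in_blocks(ip, blocks):
    """Same result as OR-ing cidrmatch() over every block."""
    return any(ip in block for block in blocks)


def regex_mismatches(pattern, blocks, universe="10.120.0.0/16"):
    """Compare a regex filter with CIDR membership over every address
    in `universe`. Returns (false_positives, false_negatives)."""
    rx = re.compile(pattern)
    fp, fn = [], []
    for ip in ipaddress.ip_network(universe):
        by_regex = rx.search(str(ip)) is not None
        by_cidr = in_blocks(ip, blocks)
        if by_regex and not by_cidr:
            fp.append(str(ip))
        elif by_cidr and not by_regex:
            fn.append(str(ip))
    return fp, fn


BLOCKS = cidrs_for_range(FIRST, LAST)

# Sample pattern with two pitfalls: unescaped dots, and [0-255], which is
# a character class for ONE character (0, 1, 2 or 5), not the range 0..255.
NAIVE = r"10.120.(?:[1-9]|1[0-3]).[0-255]"
# Anchored, escaped form; assumes the field already holds a valid IPv4 address.
ANCHORED = r"^10\.120\.(?:[1-9]|1[0-3])\.\d{1,3}$"

if __name__ == "__main__":
    print("CIDR blocks:", [str(b) for b in BLOCKS])
    for name, pat in (("naive", NAIVE), ("anchored", ANCHORED)):
        fp, fn = regex_mismatches(pat, BLOCKS)
        print(f"{name}: {len(fp)} false positives, {len(fn)} false negatives")
```

Running the same comparison after adding more subnets to the list shows whether a hand-written regex still agrees with the cidrmatch form.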
Hello @Raschko, what is this section of code, 1=1,"0", in the eval doing? Thanks
The eval answer is just exactly what I needed. I need to have several other sub-nets defined and this lets me expand to cover all of them.
Thanks for the help!!
Scott