Could CIDR matching for IPv6 be enabled in the search command instead of piping to a where command? I have had some data coming through that used to be IPv4 only; now it is coming through as IPv6 hybrid notations and normal IPv6 mixed in.
I'm on 6.4 atm, so if it is already implemented there, then all good.
This problem extends to lookups.
It is possible to make IPv4 CIDR lookups, but for IPv6 there are only string matches.
https://answers.splunk.com/answers/407153/ipv6-lookup.html
It would be nice to improve on this.
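The matching both posts ask for, shown outside Splunk as an added example (it is not from either poster and is not Splunk code): addresses are parsed before comparison, so IPv4, hybrid `::ffff:a.b.c.d` notation and plain IPv6 all resolve against one CIDR table, which string matching cannot do. The table contents, labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample lookup table: CIDR -> label (documentation ranges only).
CIDR_TABLE = {
    "192.0.2.0/24": "dmz-v4",
    "198.51.100.0/25": "office-v4",
    "2001:db8::/32": "lab-v6",
    "2001:db8:abcd::/48": "lab-v6-web",
}

def normalize(value):
    """Parse an address string; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(value.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def build_index(table):
    """Pre-parse networks, split by IP version, most specific prefix first."""
    index = {4: [], 6: []}
    for cidr, label in table.items():
        net = ipaddress.ip_network(cidr, strict=False)
        index[net.version].append((net, label))
    for nets in index.values():
        nets.sort(key=lambda item: item[0].prefixlen, reverse=True)
    return index

def cidr_lookup(value, index):
    """Return the label of the most specific matching network, or None."""
    try:
        addr = normalize(value)
    except ValueError:
        return None  # field value is not an IP address
    for net, label in index[addr.version]:
        if addr in net:
            return label
    return None

INDEX = build_index(CIDR_TABLE)

if __name__ == "__main__":
    # Constructed field values: plain IPv4, two hybrid spellings, plain IPv6.
    for raw in ["192.0.2.10", "::ffff:192.0.2.10", "::FFFF:C000:020A",
                "2001:0db8:abcd:0000::1", "2001:db8:1::1", "203.0.113.5"]:
        print(raw, "->", cidr_lookup(raw, INDEX))
```

The three spellings of 192.0.2.10 return the same label here, while a string comparison would treat them as three different values.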