Hello All,
I have two lookup tables that contain CIDR ranges. One being a top level and the other one being the sub level CIDR ranges with different information. I want to do a lookup that can match on CIDR range of these two tables. Is this possible with Splunk? I know it's a weird ask, I was able to just combine them outside Splunk but curious if this is a possibility.
What I did was I created the two lookup tables and created the lookup definitions specifying the CIDR Field for both lookups. I called for the lookup with both of the different fields and did not match them.
Thank you in advance!
Example
your search
| lookup 1.csv cidr as src_ip OUTPUT cidr
| lookup detailedcidr.csv top_cidr as cidr OUTPUT top_cidr blah blah blah blah
your search
|lookup first cidr as src_ip OUTPUT something1
|lookup second cidr as src_ip OUTPUT something2
|where isnotnull(something1) AND isnotnull(something2)
It's like this because I don't know your query.
Sorry I was just trying to match 2 lookup tables into one.
Both have cidr ranges.
| inputlookup cidr.csv
| lookup top_cidr cidr1 as cidr2 outputnew blah blah blah blah
| makeresults
| eval first_cidr="10.10.0.1/8", second_cidr="10.10.0.1/32"
| eval result=if(cidrmatch(first_cidr,second_cidr),"OK","false")
It's not good because it's a string comparison.
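An added example, not written by anyone in this thread: one way to do the "combine them outside Splunk" step, joining each sub-level range to the most specific top-level range that contains it by real subnet containment instead of string comparison. The table rows and the `owner` and `host_role` fields are constructed for illustration; only `cidr` and `top_cidr` come from the posts above.

```python
import ipaddress

# Constructed sample rows standing in for the thread's two lookup tables.
TOP_LEVEL = [
    {"top_cidr": "10.0.0.0/8", "owner": "corp"},
    {"top_cidr": "10.10.0.0/16", "owner": "datacenter"},
    {"top_cidr": "192.168.0.0/16", "owner": "lab"},
]
SUB_LEVEL = [
    {"cidr": "10.10.0.1/32", "host_role": "dns"},
    {"cidr": "10.20.4.0/24", "host_role": "vpn-pool"},
    {"cidr": "192.168.0.0/15", "host_role": "wider-than-parent"},
    {"cidr": "172.16.5.0/24", "host_role": "unlisted"},
]


def parse(cidr):
    # strict=False tolerates host bits: "10.10.0.1/8" becomes 10.0.0.0/8.
    return ipaddress.ip_network(cidr, strict=False)


def best_parent(sub_net, top_rows):
    """Most specific top-level row whose range fully contains sub_net."""
    best, best_len = None, -1
    for row in top_rows:
        top_net = parse(row["top_cidr"])
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so check first.
        if top_net.version != sub_net.version:
            continue
        if sub_net.subnet_of(top_net) and top_net.prefixlen > best_len:
            best, best_len = row, top_net.prefixlen
    return best


def merge_tables(top_rows, sub_rows):
    """Left-join sub-level rows onto their containing top-level range."""
    merged = []
    for sub in sub_rows:
        parent = best_parent(parse(sub["cidr"]), top_rows) or {}
        merged.append({**sub,
                       "top_cidr": parent.get("top_cidr"),
                       "owner": parent.get("owner")})
    return merged


if __name__ == "__main__":
    for row in merge_tables(TOP_LEVEL, SUB_LEVEL):
        print(row)
```

The `192.168.0.0/15` row stays unmatched even though its network address falls inside `192.168.0.0/16`, which is the case a lookup keyed only on the sub-range's first IP would get wrong.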