Solved: Can search sytax use the notation of network mask ...

hjwang · ‎10-19-2010

Dear all, i wanna filter the specific ip range for one country, can search sytax use the notation of network mask like /24, for instance, the ip range from 110.77.0.0 to 110.77.127.255, i hope i can use 110.77.0/17 rather than 110.77.0.~110.77.127. as filter condition. Any other better suggestions?Thanks

gkanapathy · ‎10-19-2010

Yes, you can, but only as a field value match, i.e., you can search for ipaddr=110.77.0.0/23 but not for just 110.77.0.0/23.

View solution in original post

gkanapathy · ‎10-19-2010

Yes, you can, but only as a field value match, i.e., you can search for ipaddr=110.77.0.0/23 but not for just 110.77.0.0/23.

usethedata · ‎08-24-2013

@southeringtonp -- Thank you for posting the cross-reference. That second question is exactly what I needed.

sdwilkerson · ‎11-04-2010

You rock Gerald!

southeringtonp · ‎10-19-2010

You can also use cidrmatch in the eval command. If you are dealing with known (usually internal) subnets, you can also resolve them by name - see this thread: http://answers.splunk.com/questions/5916/using-cidr-in-a-lookup-table

Can search sytax use the notation of network mask like /24

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!