Hi,
i have CSV file for a IP lookups. Question is can i use a CIDR block in the csv file? and when search time will splunk be able to see all the individual IPs from that Blcok.
Companyname IP
Company XXX 63.122.163.0/27
Company YYY 63.123.345.23
Yes you can. If you look at the lookup configuration section in the transforms.conf file documentation, you'll see there is a setting match_type
which you can set to CIDR(IP)
or CIDR(fieldname)
in general.
Can i specify both CIDR blocks and regualr IPs in the same file in the same file if i have match_type as CIDR(IP)..
Thank you. i will look into the documentation.