Re: How to use eval command to perform a CIDR matc...

tmarlette · ‎09-05-2014

I am trying to use a text box for an input, so I can input an IP address, and then perform a CIDR lookup with a lookup table that I currently have.

I’ve tried to use an eval command for CIDR matching, however it seems that the eval version of CIDR matching requires that the input be a single IP, and that I type in the prefix manually, which I have far too many of in the lookup table.

What I mean is this.

If I have the address: 192.104.169.139
I know that this is in this subnet range:

ext_ip,description
192.104.169.128/25,vendor_name

I need to be able to punch in the 192.104.169.139 into a text field, and then have it lookup the range, and return the ‘description’ field in a table within a dashboard.

Is there a way to use the eval command for this? I am attaching the XML I am using below:

 <form>
  <label>test input field</label>
  <description/>
  <fieldset submitButton="false">
    <input type="text" token="code" searchWhenChanged="true">
      <label>Input vendor code</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <searchString>| inputlookup vendor_lookup.csv | search code=$code$ | table description</searchString>
      </table>
    </panel>
  </row>

</form>

Julieda · ‎02-24-2016

You can try the following search (works with KV Store lookup where match_type=CIDR(ip) is specified in transforms.conf):

bmacias84 · ‎09-05-2014

checkout http://answers.splunk.com/answers/39885/match-an-ip-with-a-cidr-mask-into-a-csv-file. I believe this what you want.

How to use eval command to perform a CIDR matching inputlookup?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio