I am trying to match a list of CIDR ranges in a CSV file to hosts that are going outbound on our network... basically trying to see if there are any naughty hosts trying to go to Russia. The search command is as follows:
sourcetype="cisco_syslog" | eval Fhost=cidrmatch([inputcsv rrcidrlist], cisco_dsthost)
When I run this, the following error is returned:
Error in 'eval' command: The number 46.19.104.0 is invalid.
The 46.19.104.0 just so happens to be the first IP in the list, however it doesn't appear to be reading the /21 at the end. Again, it doesn't appear to be reading the 46.19.104.0/21 CIDR range. There are no spaces in the CSV file. The documentation indicates that double quotes should be used around the CIDR range, however I have tried them everywhere and nothing seems to work. Any help would be greatly appreciated. Noobly appreciated 🙂
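The matching the post is after, shown as an added example in Python (not part of the original post and not Splunk code): each CSV row is parsed as one whole "address/prefix" string and each destination is tested against every range. The column name `cidr`, the 203.0.113.0/24 row, the unparsable row and the destination values are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed one-column CSV of CIDR ranges (the header name "cidr" is an assumption).
CIDR_CSV = """cidr
46.19.104.0/21
203.0.113.0/24
not-a-range
"""

# Constructed destination values standing in for the cisco_dsthost field.
DEST_HOSTS = ["46.19.107.23", "46.19.112.1", "203.0.113.77", "10.1.2.3", "mail.example.com"]


def load_networks(csv_text):
    """Parse each row as a whole "address/prefix" string; collect rows that do not parse."""
    networks, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = (row.get("cidr") or "").strip()
        try:
            # strict=False tolerates entries with host bits set, e.g. 46.19.104.5/21
            networks.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            rejected.append(value)
    return networks, rejected


def match_hosts(hosts, networks):
    """Return {host: matching CIDR} for every host that falls inside a listed range."""
    hits = {}
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, not an IP; resolve it before matching if needed
        for net in networks:
            if addr.version == net.version and addr in net:
                hits[host] = str(net)
                break
    return hits


if __name__ == "__main__":
    nets, bad = load_networks(CIDR_CSV)
    print("rejected rows:", bad)
    for host, cidr in match_hosts(DEST_HOSTS, nets).items():
        print(f"{host} is inside {cidr}")
```

Rows that fail to parse are returned separately so a malformed list entry is visible instead of silently shrinking the watch list.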