Hi,
Is there a way for a query to take a value from lookup table and if it has a match it record down the value and continue the next search?
for example I have a group of CIDR in a lookup csv, I want search IPs in log if there is one IP in the specified CIDR range then record down the CIDR then continue search if there is a IP falls in the next CIDR, if not pass to the next CIRD. At the end of search I should have all CIDR that have IPs in the log.
index=network status=404 [|inputlookup CIDR.csv|rename CIDR as src_ip|table src_ip]
the above query will have matches but I want to know which CIDR has the match?
Thanks in advance!
... View more