This parameter is deprecated. Use the !cidr(...) negation instead to allow only addresses that are not in the given subnet to pass through (see cidr() Examples) or to allow events without the assigned field to pass through. (deprecated in 1.100.0)
Check if Field Contains Valid IP Address
Check if field contains valid IP address using the cidr() function
Query
logscale
case{cidr("address",subnet=["0.0.0.0/0", "::/0"]) | ip := address;
*
}
Introduction
The cidr() function can be used to filter
events using CIDR subnets and is used for both IPv4 and IPv6
addresses. In this example, the cidr()
function is used to check if a field contains valid IP addresses,
both IPv4 and IPv6.
Step-by-Step
Starting with the source repository events.
logscale
case{cidr("address",subnet=["0.0.0.0/0", "::/0"]) | ip := address;
*
}
Checks if a field contains valid IP addresses, both IPv4 and
IPv6, and then assigns that address to the field
ip.
If you only want to check for valid IPv4 addresses, use:
cidr("address", subnet="0.0.0.0/0")
If you only want to check for valid IPv6 addresses, use:
cidr("address", subnet="::/0")
Event Result set.
Summary and Results
The query is used to check for valid IP addresses.
Filter Events Using CIDR Subnets - Example 1
Filter events using CIDR subnets to limit search to an IP within an IP range
Query
logscale
cidr(ipAddress,subnet="192.0.2.0/24")
Introduction
The cidr() function can be used to filter
events using CIDR subnets and is used for both IPv4 and IPv6
addresses. In this example, the cidr()
function is used to match events where an IP is within a given IP
range.
Step-by-Step
Starting with the source repository events.
logscale
cidr(ipAddress,subnet="192.0.2.0/24")
Matches events for which the
ipAddress field is in
the IP range 192.0.2.0/24.
Event Result set.
Summary and Results
The query is used to search on specific subnets within the
network, optimizing query performance. The search will only be
performed on the IP addresses that fall in the range of the
specified subnet filter.
Filter Events Using CIDR Subnets - Example 2
Filter events using CIDR subnets to limit search to two specific IP ranges
The cidr() function can be used to filter
events using CIDR subnets and is used for both IPv4 and IPv6
addresses. In this example, the cidr()
function is used to match events within two IP ranges.
Matches events for which the
ipAddress field is in
the IP range 192.0.2.0/24 or 203.0.113.0/24.
Event Result set.
Summary and Results
The query is used to search on specific subnets within the
network, optimizing query performance. The search will only be
performed on the IP addresses that fall in the range of the
specified subnet filters.
Filter Events Using CIDR Subnets - Example 3
Filter events using CIDR subnets to match attributes listed in an uploaded cidrfile.csv
The cidr() function can be used to filter
events using CIDR subnets and is used for both IPv4 and IPv6
addresses. In this example, the cidr()
function is used to match events for which the
SRC attribute is one of
those listed in the uploaded file
cidrfile.csv with the subnets in the column
cidr-block.
Matches events for which the
SRC field is one of those
listed in the uploaded file
cidrfile.csv with the
subnets in the column
cidr-block.
Event Result set.
Summary and Results
The query is used to search on specific subnets within the
network, optimizing query performance. The search will only be
performed on the IP addresses that fall in the range of the
specified subnet filter.
Filter Events Using CIDR Subnets - Example 4
Filter events using CIDR subnets with negation to match events not in a given IP range
Query
logscale
!cidr(ipAddress,subnet="192.0.2.0/24")
Introduction
The cidr() function can be used to filter
events using CIDR subnets and is used for both IPv4 and IPv6
addresses. In this example, the cidr()
function is used with a negation to match events for which the
ipAddress attribute is not
in a given IP range.
Step-by-Step
Starting with the source repository events.
logscale
!cidr(ipAddress,subnet="192.0.2.0/24")
Matches events for which the
ipAddress field is not
in the IP range 192.0.2.0/24.
Event Result set.
Summary and Results
The query is used to search on specific subnets within the
network, optimizing query performance. The search will only be
performed on the IP addresses that do not fall in the range of
the specified subnet filter.
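The following Python model is an added example, not LogScale code or part of the original documentation. It replays the matching rules described above (validity check, multi-subnet match, negation) over constructed events to show which events each filter lets through. The event data, the function names and the treatment of an unparsable value as a non-match are assumptions.

```python
import ipaddress

ANY_IP = ["0.0.0.0/0", "::/0"]                 # validity check from the first example
RANGES = ["192.0.2.0/24", "203.0.113.0/24"]    # the two ranges from Example 2

# Constructed sample events (not real log data).
EVENTS = [
    {"id": 1, "ipAddress": "192.0.2.17"},
    {"id": 2, "ipAddress": "203.0.113.9"},
    {"id": 3, "ipAddress": "198.51.100.4"},
    {"id": 4, "ipAddress": "2001:db8::1"},
    {"id": 5, "ipAddress": "not-an-ip"},
    {"id": 6, "user": "alice"},                # no ipAddress field at all
]


def cidr(event, field, subnet):
    """Model of cidr(field, subnet=...): True only when event[field] parses
    as an IPv4/IPv6 address that lies inside one of the given subnets."""
    subnets = [subnet] if isinstance(subnet, str) else list(subnet)
    try:
        addr = ipaddress.ip_address(event[field])
    except (KeyError, ValueError):
        return False  # field missing, or value is not an IP address
    # Membership is False when address and network versions differ.
    return any(addr in ipaddress.ip_network(s) for s in subnets)


def in_ranges(events):
    """cidr(ipAddress, subnet=[...])"""
    return [e["id"] for e in events if cidr(e, "ipAddress", RANGES)]


def negated(events):
    """!cidr(ipAddress, subnet=[...]): every event the filter did not match.
    Assumption: an unparsable value counts as a non-match, like a missing field."""
    return [e["id"] for e in events if not cidr(e, "ipAddress", RANGES)]


def negated_valid_only(events):
    """Validity check first, then the negation."""
    return [e["id"] for e in events
            if cidr(e, "ipAddress", ANY_IP) and not cidr(e, "ipAddress", RANGES)]


if __name__ == "__main__":
    print("in ranges:          ", in_ranges(EVENTS))
    print("negated:            ", negated(EVENTS))
    print("negated, valid only:", negated_valid_only(EVENTS))
```

Events 5 and 6 pass the plain negation but not the validity-checked one, which matters when a negated subnet filter is used to exclude known ranges from an alert.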