Filters events using CIDR subnets. Used for both IPv4 and IPv6 addresses.

| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| column | string | optional[a] | | When file and column parameters are used together, it loads the subnet list from the given .csv. |
| field[b] | string | required | | Specifies the field that the CIDR expression runs against. |
| file | string | optional[a] | | When file and column parameters are used together, it loads the subnet list from the given .csv. |
| negate (deprecated) | boolean | optional[a] | false | This parameter is deprecated. Use the !cidr(...) negation instead to allow only addresses that are not in the given subnet to pass through (see cidr() Examples) or to allow events without the assigned field to pass through. (deprecated in 1.100.0) |
| subnet | array of strings | optional[a] | | Specifies the list of IP ranges the CIDR expression matches with. |

[a] Optional parameters use their default value unless explicitly set.

[b] The parameter name field can be omitted.


cidr() Examples

Check if Field Contains Valid IP Address

Check if field contains valid IP address using the cidr() function

Filter Events Using CIDR Subnets - Example 1

Filter events using CIDR subnets to limit search to an IP within an IP range

Filter Events Using CIDR Subnets - Example 2

Filter events using CIDR subnets to limit search to two specific IP ranges

Filter Events Using CIDR Subnets - Example 3

Filter events using CIDR subnets to match attributes listed in an uploaded cidrfile.csv

Filter Events Using CIDR Subnets - Example 4

Filter events using CIDR subnets with negation to match events not in a given IP range
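
The following query is an added example, not taken from the LogScale documentation. It combines the validity check and the negated form described above to list external source addresses. The field name src_ip, the internal ranges, and the column name cidr-block are assumptions.

```logscale
// Added example: src_ip and the ranges below are assumptions.
// Step 1: keep only events whose src_ip holds a valid IPv4 or IPv6
// address. This also drops events that have no src_ip field, which the
// negated filter in step 2 would otherwise let through.
cidr(src_ip, subnet=["0.0.0.0/0", "::/0"])
// Step 2: negated match, so only addresses outside the internal ranges pass.
| !cidr(src_ip, subnet=["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"])
// The same list can be kept in an uploaded lookup file instead:
//   | !cidr(src_ip, file="cidrfile.csv", column="cidr-block")
// Step 3: count events per remaining (external) source address.
| groupBy(src_ip, function=count())
| sort(_count, order=desc)
```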