Filter Events Using CIDR Subnets - Example 2 | LogScale Query Examples | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Filter Events Using CIDR Subnets - Example 2

Filter events using CIDR subnets to limit search to two specific IP ranges

Query

logscale

cidr(ipAddress, subnet=["192.0.2.0/24", "203.0.113.0/24"])

Introduction

The cidr() function can be used to filter events using CIDR subnets and is used for both IPv4 and IPv6 addresses.

In this example, the cidr() function is used to match events within two IP ranges.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0["Expression"] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
cidr(ipAddress, subnet=["192.0.2.0/24", "203.0.113.0/24"])
```
Matches events for which the ipAddress field is in the IP range 192.0.2.0/24 or 203.0.113.0/24.
Event Result set.

Summary and Results

The query is used to search on specific subnets within the network, uptimizing query performance. The search will only be performed on the IP addresses that fall in the range of the specified subnet filters.

Enter search term