Filters events using CIDR subnets.
Parameter | Type | Required | Default | Description |
---|---|---|---|---|
column | string | false | | When file and column parameters are used together, it loads the subnet list from the given .csv file. |
field | string | false | | Specifies the field that the CIDR expression runs against. [a] |
file | string | false | | When file and column parameters are used together, it loads the subnet list from the given .csv file. |
negate | boolean | false | false | Allows only addresses that are not in the given subnet to pass through. It also allows events without the assigned field to pass through. |
subnet | [string] | false | | Specifies the list of IP ranges the CIDR expression matches with. |
Examples
Matches events for which the `ipAddress` attribute is in the IP range 192.0.2.0/24:

```logscale
cidr(ipAddress, subnet="192.0.2.0/24")
```
Matches events for which the `ipAddress` attribute is in the IP range 192.0.2.0/24 or 203.0.113.0/24:

```logscale
cidr(ipAddress, subnet=["192.0.2.0/24", "203.0.113.0/24"])
```
Matches events for which the `SRC` attribute is in one of the subnets listed in the `cidr-block` column of the uploaded file `cidrfile.csv`:

```logscale
cidr(field=SRC, file="cidrfile.csv", column="cidr-block")
```
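The `negate` behaviour from the parameter table, as an added Python model (not LogScale code and not taken from the product): with `negate` set, events that lack the field pass through along with out-of-range addresses, which matters when the filter is used to exclude trusted ranges. The events, the CSV contents and the helper names `load_subnets`, `cidr_filter` and `ids` are constructed for illustration, and dropping unparsable addresses is an assumption of this model.

```python
import csv
import io
import ipaddress

# Constructed sample data: a subnet list shaped like the cidrfile.csv example.
CIDR_CSV = "cidr-block,owner\n192.0.2.0/24,lab\n203.0.113.0/24,vpn\n"

# Constructed events; event 3 has no SRC field at all.
EVENTS = [
    {"id": 1, "SRC": "192.0.2.17"},
    {"id": 2, "SRC": "198.51.100.9"},
    {"id": 3, "user": "svc-backup"},
    {"id": 4, "SRC": "203.0.113.200"},
]

def load_subnets(csv_text, column):
    """Read one column of a CSV into a list of network objects."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [ipaddress.ip_network(row[column].strip()) for row in rows]

def cidr_filter(events, field, subnets, negate=False):
    """Keep events whose field is inside a subnet; negate inverts the match.

    With negate=True, events that lack the field are also kept,
    as the negate row of the parameter table states.
    """
    kept = []
    for event in events:
        value = event.get(field)
        if value is None:
            if negate:
                kept.append(event)
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            continue  # assumption of this model: unparsable values are dropped
        in_range = any(addr in net for net in subnets)
        if in_range != negate:
            kept.append(event)
    return kept

def ids(events):
    return [e["id"] for e in events]

if __name__ == "__main__":
    nets = load_subnets(CIDR_CSV, "cidr-block")
    print("match :", ids(cidr_filter(EVENTS, "SRC", nets)))
    print("negate:", ids(cidr_filter(EVENTS, "SRC", nets, negate=True)))
```

In the negated run, event 3 is returned even though it carries no address, so a search that should only return events with an out-of-range address also needs a check that the field exists.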