Filters events using CIDR subnets.

ParameterTypeRequiredDefaultDescription
columnstringfalse When file and column parameters are used together, load subnet list from given CSV.
fieldstringfalse Specifies the field to run the CIDR expression against.
filestringfalse When file and column parameters are used together, load subnet list from given CSV.
negatebooleanfalsefalseOnly let addresses not in the given subnet pass through. Also let events without the assigned field pass through.
subnet[string]false description

Examples

Matches events for which the ipAddress attributes is in the ip range 192.0.2.0/24

humio
cidr(ipAddress, subnet="192.0.2.0/24")

Matches events for which the ipAddress attributes is in the ip range 192.0.2.0/24 or 203.0.113.0/24

humio
cidr(ipAddress, subnet=["192.0.2.0/24", "203.0.113.0/24"])

Matches events for which the SRC attributes is one of those listed in the uploaded file cidrfile.csv with the subnets in the column cidr-block

humio
cidr(field=SRC, file="cidrfile.csv", column="cidr-block")