Hi. Is it possible to use match_type=cidr(ipfield) in an ad hoc lookup from the search bar, as opposed to the automatic lookup you'd do with the configuration in transforms.conf? Based on this old question, https://answers.splunk.com/answers/228229/is-it-possible-to-get-a-count-of-ips-from-one-look.html, I'm guessing the answer is no, but I wanted to check. If it's not currently possible, is it an enhancement on the road map?
↧