Hi.
I'm trying to make a database lookup with CIDR match. I created the database lookup, and it works, but when I add the attribute match_type with the value CIDR(), the lookup stops working.
For example:
I get this data from the database table:
| net_id | sector |
| 192.168.50.0/24 | Sector 1 |
| 192.168.51.0/24 | Sector 2 |
| 192.168.52.0/24 | Sector 2 |
In the Splunk search, the table contains these examples:
| src_ip |
| 192.168.50.252 |
| 192.168.51.2 |
| 192.168.52.100 |
In transforms.conf, I have this content:
[db_connect_test_sectors]
external_cmd = dbxlookup.py test_sectors
fields_list = "net_id", "sector"
match_type = CIDR(net_id)
The database lookup does not seem to accept CIDR match. I tested without the "match_type" attribute, finding other fields with the network ID, and it works.
Can you help me?
Detail: I want to use this lookup at search time with the "lookup" command.