So IP to a subnet CIDR match has always worked in Splunk. No issues there. BUT a request came where we need to do a subnet to subnet CIDR match and, other than hacking my way out of it, I don’t think the cidrmatch function honors that.
Example:
IPCidr = 10.1.1.0/24
Subnetlookup.csv
10.1.0.0/16
10.2.1.0/24
10.2.0.0/16
Cidrmatch doesn’t work when I try to check IPCidr in Subnetlookup.csv. The moment I change it to 10.1.1.1 it works. Any ideas? Is there any other function which does that?
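
The subnet-in-subnet containment rule the question describes, written out in Python as an added example that is not part of the original post and is not Splunk's cidrmatch. The lookup column name `subnet` and the function names are assumptions; the CSV content is constructed from the three subnets listed above.

```python
import csv
import io
import ipaddress

# Constructed lookup content: the three subnets from the post.
# The header name "subnet" is an assumption, not taken from the post.
SUBNET_LOOKUP_CSV = """subnet
10.1.0.0/16
10.2.1.0/24
10.2.0.0/16
"""

def load_subnets(csv_text, column="subnet"):
    """Parse the lookup's CIDR column into network objects, skipping bad rows."""
    nets = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            # strict=False tolerates entries with host bits set (e.g. 10.1.1.5/16)
            nets.append(ipaddress.ip_network(row[column].strip(), strict=False))
        except (ValueError, KeyError, AttributeError):
            continue
    return nets

def contains(outer, inner):
    """True when every address of `inner` lies inside `outer`.

    Two conditions: inner's prefix is at least as long as outer's, and
    inner's network address masked with outer's netmask equals outer's
    network address. A bare IP is just the /32 (or /128) case.
    """
    return (outer.version == inner.version
            and inner.prefixlen >= outer.prefixlen
            and (int(inner.network_address) & int(outer.netmask))
                == int(outer.network_address))

def containing_subnets(candidate, nets):
    """Return lookup subnets that fully contain `candidate`, most specific first."""
    cand = ipaddress.ip_network(candidate, strict=False)
    hits = [n for n in nets if contains(n, cand)]
    return sorted(hits, key=lambda n: n.prefixlen, reverse=True)

if __name__ == "__main__":
    lookup = load_subnets(SUBNET_LOOKUP_CSV)
    for value in ("10.1.1.0/24", "10.1.1.1", "10.2.1.0/24", "10.0.0.0/8"):
        print(value, "->", [str(n) for n in containing_subnets(value, lookup)])
```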