So IP to a subnet CIDR match has always worked in Splunk. No issues there. BUT a request came where we need to do a subnet to subnet CIDR match, and other than hacking my way out of it, I don’t think the cidrmatch function honors that.
Example..
IPCidr = 10.1.1.0/24
Subnetlookup.csv
10.1.0.0/16
10.2.1.0/24
10.2.0.0/16
Cidrmatch doesn’t work when I try to check IpCidr in Subnetlookup.csv. The moment I change it to 10.1.1.1, it works.
Any ideas.. is there any other function that does that?
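The subnet-in-subnet test the question asks about, sketched in Python outside Splunk as an added example (not part of the original post and not a Splunk function): a subnet lies inside a lookup row when its prefix is at least as long as the row's and its network address falls within the row. The function names are hypothetical; the lookup rows are the sample values from the post.

```python
import ipaddress

# Constructed sample data: the rows of Subnetlookup.csv as given in the post.
SUBNET_LOOKUP = ["10.1.0.0/16", "10.2.1.0/24", "10.2.0.0/16"]


def subnet_in_subnet(inner, outer):
    """Return True when every address of `inner` lies inside `outer`.

    A bare IP such as 10.1.1.1 is parsed as a /32, which is why the
    IP-to-subnet case is just the most specific form of the same test.
    """
    a = ipaddress.ip_network(inner, strict=False)
    b = ipaddress.ip_network(outer, strict=False)
    if a.version != b.version:
        return False
    # Condition 1: inner must be at least as specific as outer.
    # A /8 can never fit inside a /16, even if the addresses overlap.
    if a.prefixlen < b.prefixlen:
        return False
    # Condition 2: inner's network address, masked with outer's netmask,
    # must equal outer's network address.
    return int(a.network_address) & int(b.netmask) == int(b.network_address)


def best_match(cidr, lookup=SUBNET_LOOKUP):
    """Return the most specific lookup row that contains `cidr`, or None."""
    hits = [row for row in lookup if subnet_in_subnet(cidr, row)]
    return max(
        hits,
        key=lambda r: ipaddress.ip_network(r, strict=False).prefixlen,
        default=None,
    )


if __name__ == "__main__":
    for candidate in ["10.1.1.0/24", "10.1.1.1", "10.2.1.0/24", "10.0.0.0/8"]:
        print(candidate, "->", best_match(candidate))
```

The same two conditions (prefix length comparison plus a match on the network address) are what any reimplementation of this check has to enforce; testing only the network address would wrongly accept a wider subnet such as 10.1.0.0/8 against 10.1.0.0/16.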