CIDR notation in search?

dataolle · March 27, 2017, 3:37pm

I wonder if it is possible to use CIDR notation in the search field? I would like to use something like “source-address:10.66.27.128/27”?
I see it is supported to use cidr match in pipeline rules but i see no mention of using cidr in the search?
When i try i only get errors like this one:

Error Message:
Cannot parse ‘source-address: 10.66.0.0/16’: Lexical error at line 1, column 29. Encountered: after : "/16"
Exception:
org.apache.lucene.queryparser.classic.ParseException

When i escape the / i get no hits? Maybe it is the wrong type on the source-address field?

jochen · March 28, 2017, 8:30am

CIDR notation is currently not supported in the query language used by Graylog.

haywhai · November 6, 2017, 3:57pm

So how can the CIDR be used and where exactly can we use it before we would be able to search. or we can’t just make use of it?

jochen · November 6, 2017, 4:02pm

Nothing has changed since my last reply to this topic.

haywhai · November 6, 2017, 4:04pm

So you’re saying if we want to isolate a group of private ip addresses, i have to input them one after the other and not their ranges. wow…

jochen · November 6, 2017, 4:20pm

Feel free to open a feature request at https://github.com/Graylog2/graylog2-server/issues/.

Topic		Replies	Views
How to add cidr in the search example : search logs based of 192.168.1.0/24 Graylog Central (peer support)	3	732	July 1, 2022
This IPv6 address cannot be used in IPv4 context Graylog Central (peer support)	4	1011	February 25, 2017
FIlter IP range in Pipeline Graylog Tech Challenges pipeline-rules , debuggingpl	6	1639	July 26, 2021
Regex in Search Field Graylog Central (peer support)	6	1420	September 20, 2018
Search for ip ranges (again..) Graylog Central (peer support) documentation	4	2440	December 3, 2021

CIDR notation in search?

Related topics