CIDR notation in search?

(Dataolle) #1

I wonder if it is possible to use CIDR notation in the search field? I would like to use something like “source-address:”?
I see it is supported to use CIDR match in pipeline rules, but I see no mention of using CIDR in the search?
When I try, I only get errors like this one:

Error Message:
Cannot parse ‘source-address:’: Lexical error at line 1, column 29. Encountered: after : "/16"

When I escape the / I get no hits? Maybe it is the wrong type on the source-address field?

(Jochen) #2

CIDR notation is currently not supported in the query language used by Graylog.

(Ayoola Ayooluwa) #3

So how can the CIDR be used, and where exactly can we use it before we would be able to search? Or we can’t just make use of it?

(Jochen) #4

Nothing has changed since my last reply to this topic.

(Ayoola Ayooluwa) #5

So you’re saying if we want to isolate a group of private IP addresses, I have to input them one after the other and not their ranges. Wow…

(Jochen) #6

Feel free to open a feature request at
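
Added example, not part of the thread and not Graylog code: because the search field has no CIDR syntax, this Python helper expands an IPv4 CIDR block into an equivalent wildcard/OR query that can be pasted into the search instead of typing addresses one by one. It assumes the field is indexed as a plain string holding dotted-quad addresses; the function name `cidr_to_query` is hypothetical.

```python
import ipaddress


def cidr_to_query(field: str, cidr: str) -> str:
    """Expand an IPv4 CIDR block into a wildcard/OR search query.

    Assumption: `field` is indexed as an unanalyzed string, so a term
    such as 10.1.* matches every value starting with "10.1.".
    """
    # strict=False accepts host bits, e.g. 10.1.2.3/16 -> 10.1.0.0/16
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("this example only handles IPv4")

    # Wildcards can only cut at a dot, so round the prefix length up to
    # the next octet boundary (8, 16, 24 or 32) and list every subnet
    # of that size inside the block. This yields at most 256 terms.
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    terms = []
    for subnet in net.subnets(new_prefix=boundary):
        octets = str(subnet.network_address).split(".")[: boundary // 8]
        # Keep the trailing dot before '*' so 10.1.* cannot match 10.10.x.y
        terms.append(".".join(octets) + (".*" if boundary < 32 else ""))

    if len(terms) == 1:
        return f"{field}:{terms[0]}"
    return f"{field}:({' OR '.join(terms)})"


if __name__ == "__main__":
    # Constructed sample inputs
    for block in ("10.1.0.0/16", "192.168.4.0/22", "10.0.0.8/30"):
        print(cidr_to_query("source-address", block))
```

Prefixes that fall on an octet boundary collapse to a single wildcard term; anything else becomes an OR list, which grows longest for prefixes just past a boundary (for example /17 or /25).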