CIDR notation in search?


(Dataolle) #1

I wonder if it is possible to use CIDR notation in the search field? I would like to use something like “source-address:10.66.27.128/27”?
I see it is supported to use CIDR match in pipeline rules, but I see no mention of using CIDR in the search?
When I try, I only get errors like this one:

Error Message:
Cannot parse ‘source-address: 10.66.0.0/16’: Lexical error at line 1, column 29. Encountered: after : "/16"
Exception:
org.apache.lucene.queryparser.classic.ParseException

When I escape the /, I get no hits? Maybe it is the wrong type on the source-address field?


(Jochen) #2

CIDR notation is currently not supported in the query language used by Graylog.


(Ayoola Ayooluwa) #3

So how can the CIDR be used, and where exactly can we use it before we would be able to search? Or we can’t just make use of it?


(Jochen) #4

Nothing has changed since my last reply to this topic.


(Ayoola Ayooluwa) #5

So you’re saying if we want to isolate a group of private IP addresses, I have to input them one after the other and not their ranges. Wow…


(Jochen) #6

Feel free to open a feature request at https://github.com/Graylog2/graylog2-server/issues/.
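
Since the search field does not accept CIDR notation, a query without a slash can be generated from the prefix instead. The following is an added example, not part of the original thread and not Graylog code: the function name `cidr_to_query` is hypothetical, it handles IPv4 only, and it assumes the field is indexed as a plain, non-analyzed string so that exact terms and trailing wildcards match the dotted address text.

```python
import ipaddress


def cidr_to_query(field: str, cidr: str) -> str:
    """Turn an IPv4 CIDR into a Lucene-style query that contains no '/'.

    Assumption: `field` holds the address as a non-analyzed string, so
    '10.66.*' matches every value that starts with '10.66.'.
    """
    net = ipaddress.ip_network(cidr, strict=False)  # tolerate host bits set
    if net.version != 4 or net.prefixlen == 0:
        raise ValueError("only IPv4 prefixes /1 to /32 are handled here")

    if net.prefixlen > 24:
        # Smaller than one octet: list every address (at most 128 terms).
        terms = [str(ip) for ip in net]
    else:
        # Round the prefix up to the next octet boundary (8, 16 or 24) and
        # emit one trailing-wildcard term per octet-aligned block.
        aligned = -(-net.prefixlen // 8) * 8
        keep = aligned // 8  # number of leading octets that stay fixed
        terms = [
            ".".join(str(sub.network_address).split(".")[:keep]) + ".*"
            for sub in net.subnets(new_prefix=aligned)
        ]

    body = terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"
    return f"{field}:{body}"


if __name__ == "__main__":
    # The two prefixes quoted in the first post of the thread.
    for cidr in ("10.66.0.0/16", "10.66.27.128/27"):
        print(cidr_to_query("source-address", cidr))
```

If the field is mapped as something other than a plain string, these terms may not match; check the field's mapping before relying on the output.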