Subnet Search Query

maniel (Daniel) November 27, 2017, 2:04pm 10

according to this thread:

you can use regex in when clause:

when
  has_field("ip") && regex("ip matching regex", to_string($message.ip)).matches == false &&
  has_field("categoryOutcome") && to_string($message.categoryOutcome) == "Success"
then
  // do something
end

regex in your case would look something like this ^(192\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1]))

Topic		Replies	Views
Graylog: Subnet Query Graylog Central (peer support)	7	2448	November 20, 2017
Searching via regular expression. Possible? Graylog Central (peer support)	4	37232	August 1, 2018
Search according to field's type IP? Graylog Central (peer support)	3	604	November 18, 2020
Search for ip ranges (again..) Graylog Central (peer support) documentation	4	2439	December 3, 2021
Search with regex for a numeric field Graylog Central (peer support)	4	2339	September 26, 2018

Subnet Search Query

Related topics