
Anyone have splunk-ism for converting client IP to CIDR block?

Authority
Posts: 17

Currently a number of reports/dashboards use the actual IP of the clients. We are in a bit of a unique position in that we are the recursive server for a number of agencies/divisions who run their own local DNS servers which forward to us, so we never see the actual client address, only the local DNS server. I would like to modify copies of the reports to basically give me results based on the CIDR block that the client belongs to, and roll all clients into that range as a single entry/grouping.

Is this something any of you have already done?  I hate to reinvent the wheel, especially when I'm learning a new way of doing it.


Re: Anyone have splunk-ism for converting client IP to CIDR block?

Adviser
Posts: 97

This Splunk post provides an example of how to accomplish that:

 

https://answers.splunk.com/answers/54880/group-ip-addresses-in-cidr-format.html


Re: Anyone have splunk-ism for converting client IP to CIDR block?

Authority
Posts: 17

Thanks.

I actually found that exact one last night. I've been poking at using it some today and can see that it's working in the queries, but not getting any display values in the table. It's only a matter of understanding how to tell Splunk to spit it out now.

If all else fails, I'll dig in my drawer for a bigger hammer.
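
One way to roll client addresses into CIDR blocks and show the block as a table column, as an added example that is not taken from this thread or from the linked Splunk answer. The field name `client_ip`, the block list and the sample addresses (RFC 5737 documentation ranges, carried in a field named `constructed_sample_ips`) are assumptions; `makeresults` generates the sample rows so the search runs without indexed data.

```spl
| makeresults
| eval constructed_sample_ips="192.0.2.10 192.0.2.77 198.51.100.5 198.51.100.130 203.0.113.9"
| makemv delim=" " constructed_sample_ips
| mvexpand constructed_sample_ips
| rename constructed_sample_ips AS client_ip
| eval client_block=case(
    cidrmatch("198.51.100.128/25", client_ip), "198.51.100.128/25",
    cidrmatch("198.51.100.0/24", client_ip), "198.51.100.0/24",
    cidrmatch("192.0.2.0/24", client_ip), "192.0.2.0/24",
    true(), replace(client_ip, "\.\d+$", ".0/24"))
| stats count AS queries dc(client_ip) AS forwarders BY client_block
| sort - queries
```

`case()` returns the first matching branch, so overlapping blocks are listed most specific first, and the final `true()` branch buckets any unlisted address into its /24. The block only appears in the output because `client_block` is the `BY` field of `stats`; on real data, replace the first five lines with the report's base search.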
