Trying to filter out 4 IP ranges, 3 can use CIDR..... suggestions?

  • Official comment
    Matt Sullivan

    First I would definitely upvote idea 1834 which asks for CIDR based lookup tables. Meantime I would just do something like this:

    | where !(ip="127.0.0.1" or ip="127.0.0.2" or compareCIDRPrefix("10.10.1.32", ip, toInt(27)))

    replacing the individual IPs and ranges with your own, and add more or clauses as req'd. Basically the equality check and compareCIDRPrefix operators both return boolean, so code similar to above should do the trick.
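
The question title mentions a fourth range that does not fit a single CIDR block. As an added example (not part of the comment above and not Sumo Logic's own code), this Python helper splits an arbitrary start-end range into the exact set of CIDR blocks covering it and emits the `or` clauses in the form shown in the comment; the function names and the sample ranges are constructed for illustration.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks that exactly covers first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def exclusion_clause(ranges, field="ip"):
    """Build a `| where !(...)` line from (first, last) address pairs."""
    terms = []
    for first, last in ranges:
        for net in range_to_cidrs(first, last):
            if net.prefixlen == 32:
                # A single host is a plain equality check, as in the comment.
                terms.append(f'{field}="{net.network_address}"')
            else:
                terms.append(
                    f'compareCIDRPrefix("{net.network_address}", {field}, '
                    f'toInt({net.prefixlen}))')
    return "| where !(" + " or ".join(terms) + ")"


def is_excluded(ip, ranges):
    """Local check of the same logic, to test boundary addresses before deploying."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net
               for first, last in ranges
               for net in range_to_cidrs(first, last))


# Constructed sample ranges (assumptions, not values from the original question).
SAMPLE_RANGES = [
    ("10.10.1.32", "10.10.1.63"),  # aligned: collapses to the /27 from the comment
    ("192.0.2.10", "192.0.2.20"),  # not aligned: needs several blocks
]

if __name__ == "__main__":
    print(exclusion_clause(SAMPLE_RANGES))
    for probe in ("192.0.2.9", "192.0.2.10", "192.0.2.20", "192.0.2.21"):
        print(probe, "excluded" if is_excluded(probe, SAMPLE_RANGES) else "kept")
```

Checking the addresses just outside each end of a range catches off-by-one mistakes in a hand-written prefix length before the filter hides events you meant to keep.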
