You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 21, 2023. It is now read-only.
It would be useful to have the ability to perform a cidr_match on the keys of a lookup table.
The goal would be to look up a specific IP in a list of subnets and have the column(s) for the subnet to which that IP belongs returned.
For example, looking up 192.168.7.3 against the following CSV would return 'office':
"subnet","subnet_name"
"192.168.0.0/16","office"
"10.10.10.0/24","datacenter1"
"10.10.20.0/24","datacenter2"
Currently, a 1:1 match is required for the key such that the subnet would have to be known before the lookup could be performed.
For reference, the Graylog Community thread: https://community.graylog.org/t/mapping-ips-to-subnets/4083
It may also be a solution to use a custom MaxMind DB for this as described here: https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/
But it appears as if Graylog can only use the predefined City and Country MMDB formats for a data adapter.
The text was updated successfully, but these errors were encountered: