IP Search

InsightOps supports classless inter-domain routing (CIDR) notation, which allows you to search for a range of IP addresses on your network without using complicated regular expressions. This means you can easily view the most active servers, users, and applications on your network.

Things to know about CIDR notation in InsightOps:

  • This requires a key=value search. IP() on its own does not work.
  • Allowed subnet values are /1 to /32.

In Log Search, enter a query with the following format:

  • Simple Search destination_address = IP(192.168.0.0/24)
  • Advanced Search where(destination_address = IP(192.168.0.0/24))

where

  • destination_address is the field in the log data you want to filter by
  • 192.168.0.0 is the IP address to use as the comparison
  • ** /24** is the block of addresses you want to search

The previous query would return any addresses in the range 192.168.0.1 to 192.168.0.254.

You can adjust the network range of your query by updating the subnet value. For example, replacing /24 with /16 would return any addresses in the range 192.168.0.1 to 192.168.255.254.