Global Search for CIDR Using Slash Notation

If your Explore Appliance is running version 6.2 or later, you will be able to search for a CIDR block using slash notation, but there is one tweak you will need to make if using the global search bar at the top-right of the screen:

The following screenshots are from the Extrahop online demo:

Step 1: Input CIDR in global search:

This will return an empty search-result set:

Step 2: Modify the filter Any Field = 172.22.0.0/16:

Step 3: Change field from Any Field to one with the IP Address data type, like Client Address:

NOTE: There are multiple fields that use the IP Address type, including fields from your own custom records:

Step 4: Profit! You should now have a record result-set filtered to the CIDR of your choice:

NOTE: It is possible to use complex queries to filter for multiple CIDR blocks, or combine filter criteria in various ways.

1 Like