Putting It All Together (CIDR)

So, in this third Lookup implementation, we:

  • Extracted fields using the Parser Function.
  • Configured the Lookup Function to use the CIDR match mode.
  • Used the Eval Function to route each event to the correct SIEM index.
  • Used the Drop Function to filter out events without an associated team.

In conclusion, we used the CIDR match mode to sort interleaved events into groups that make sense for our customer's business needs. At the same time, we gave them a return on their Cribl Stream investment by helping them filter out events they don't need, which reduces downstream licensing and infrastructure costs.
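
The four steps recapped above, simulated in plain JavaScript as an added example; this is not Cribl Stream's own code or the pipeline configuration from this course. The field names `src_ip`, `team` and `index`, the `siem_` index prefix, the lookup rows, the sample events, and the choice to resolve overlapping ranges by most specific match are all assumptions made for illustration.

```javascript
// Constructed lookup table (CIDR -> team); names and ranges are assumptions.
const LOOKUP = [
  { cidr: '10.0.0.0/8', team: 'corp' },
  { cidr: '10.20.0.0/16', team: 'payments' },
  { cidr: '192.168.50.0/24', team: 'lab' },
];
// Constructed interleaved events in key=value form.
const SAMPLE = ['src_ip=10.20.3.4 action=allow', 'src_ip=10.9.9.9 action=deny',
  'src_ip=8.8.8.8 action=allow', 'src_ip=192.168.50.77 action=allow'];

// Dotted-quad IPv4 -> unsigned 32-bit integer; null if malformed.
function ipToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}
// CIDR match: team of the most specific (longest-prefix) row containing ip.
function lookupTeam(ip, table = LOOKUP) {
  const addr = ipToInt(ip);
  if (addr === null) return undefined;
  let best;
  for (const { cidr, team } of table) {
    const [net, bits] = cidr.split('/');
    const base = ipToInt(net), len = Number(bits);
    if (base === null || !Number.isInteger(len) || len < 0 || len > 32) continue;
    const size = 2 ** (32 - len); // addresses per block; avoids 32-bit shift pitfalls
    const hit = Math.floor(addr / size) === Math.floor(base / size);
    if (hit && (!best || len > best.len)) best = { len, team };
  }
  return best && best.team;
}
// Parser -> Lookup -> Eval -> Drop, in the order the recap lists them.
function runPipeline(rawEvents) {
  const out = [];
  for (const raw of rawEvents) {
    const event = { _raw: raw };
    for (const [, k, v] of raw.matchAll(/(\w+)=(\S+)/g)) event[k] = v; // Parser
    event.team = lookupTeam(event.src_ip);                 // Lookup (CIDR mode)
    event.index = event.team && `siem_${event.team}`;      // Eval: pick the index
    if (event.team) out.push(event);                       // Drop: no team, no event
  }
  return out;
}
console.log(runPipeline(SAMPLE).map((e) => `${e.src_ip} -> ${e.index}`));
```

The event from `8.8.8.8` matches no range and is dropped, while `10.20.3.4` lands in the narrower `/16` team rather than the enclosing `/8`.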