Lookup for overlapping networks

[seiimonn]

You state that the lookup matches on the longest netmask. In my testing this does not work. If there are multiple CIDR networks matching there is no result.

[doksu]

Thanks for letting me know. The behaviour of CIDR lookups isn't clearly documented; through testing at the time of development this was the behaviour exhibited, so I suspect it may have been changed in recent versions of Splunk. Will investigate further.