Graylog Query by IP Address with Wildcard/CIDR

If you are searching Graylog logs that are not properly indexed (ip address is not in a field) you may need to perform a text search for an IP Address or IP Addresses.

IP Address Queries

The following queries are examples of how to query Graylog for one or more IP addresses (not using a field)

Query a single IP Address:

The backslashes are optional

10\.2\.1\.15
10.2.1.15

Query with a wildcard in one of the octet positions of the IP Address:

The backslashes are optional

10\.2\.1\.*
10.2.1.*

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.