Graylog Query by IP Address with Wildcard/CIDR

If you are searching Graylog logs that are not properly indexed (ip address is not in a field) you may need to perform a text search for an IP Address or IP Addresses.

IP Address Queries

The following queries are examples of how to query Graylog for one or more IP addresses (not using a field)

Query a single IP Address:

The backslashes are optional

10\.2\.1\.15
10.2.1.15

Query with a wildcard in one of the octet positions of the IP Address:

The backslashes are optional

10\.2\.1\.*
10.2.1.*

Leave a Reply

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>