I would like to exclude an ip range in my kibana visualization via a search similar to "NOT dst_ip:10.0.0.0/8 ". the field is of type ip. Any help would be appreciated.
Surprisingly I can't find any documentation of this, but I think
NOT dst_ip:[10.0.0.0 TO 10.255.255.255]
works.
Thanks @magnusbaeck, I also have also tried the following and it seems to work as well.
NOT dst_ip:10.0.0.0/8 OR NOT dst_ip:192.168.0.0/16
1 Like