A.6 IP Addresses Query

Sentinel Log Manager implements several extensions for searching on IP addresses, in particular a number of convenient ways to specify IP address ranges. These are explained in the following sections:

A.6.1 CIDR Notation

Sentinel Log Manager supports the Classless Inter-Domain Routing (CIDR) notation as a search value for IP address fields such as sip (initiator IP) and dip (target IP) for specifying an IP address range. The notation uses a combination of an IP address and a mask, as follows:


In this notation, n is the number of high-order bits in the value to match. For example, consider the following query:


This query returns events whose sip field is an IPv4 address ranging from to

A.6.2 Wildcards in IP Addresses

You can use only the asterisk character (*) in the IP address search values to specify ranges of IP addresses. You cannot use the question mark (?) character.

In IPv4 addresses, an asterisk (*) can be used at any of the positions in the quad format. For example, all of the following queries are valid on the sip field:


If an asterisk (*) is used in one of the quad positions in an IPv4 address, it cannot be combined with other digits. For example, all of the following queries are invalid:


Because the question mark (?) is not allowed, the following queries are invalid:
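The rules from A.6.1 and A.6.2 can be modeled as a small matcher. This is an added Python example, not Sentinel Log Manager code or documentation; the function names, the search values, and the sample events are constructed for illustration, and the product's own parser may accept or reject more than this sketch does.

```python
import ipaddress

def compile_ip_value(value):
    """Turn an IP search value into a predicate over IPv4 address strings.

    Models only the rules stated in A.6.1 and A.6.2 (assumption: the
    product's own parser may differ). Raises ValueError for invalid values.
    """
    if "?" in value:
        raise ValueError("question mark (?) is not allowed")
    if "/" in value:
        addr, _, n = value.partition("/")
        if "*" in addr or not (n.isascii() and n.isdigit()):
            raise ValueError("CIDR value must be address/n")
        # strict=False keeps only the n high-order bits of the address.
        net = ipaddress.IPv4Network(value, strict=False)
        return lambda ip: ipaddress.ip_address(ip) in net
    quads = value.split(".")
    if len(quads) != 4:
        raise ValueError("expected four quad positions")
    pattern = []
    for q in quads:
        if q == "*":
            pattern.append(None)          # whole quad is a wildcard
        elif q.isascii() and q.isdigit() and int(q) <= 255:
            pattern.append(int(q))
        else:                             # e.g. "1*": asterisk mixed with digits
            raise ValueError(f"invalid quad {q!r}")
    def match(ip):
        packed = ipaddress.ip_address(ip).packed
        return len(packed) == 4 and all(
            p is None or p == b for p, b in zip(pattern, packed))
    return match

# Constructed sample events; sip is the initiator IP field.
EVENTS = [
    {"id": 1, "sip": "10.0.0.17"},
    {"id": 2, "sip": "10.0.3.200"},
    {"id": 3, "sip": "10.0.4.1"},
    {"id": 4, "sip": "192.168.7.17"},
]

def search(events, field, value):
    """Return ids of events whose IP field matches the search value."""
    match = compile_ip_value(value)
    return [e["id"] for e in events if match(e[field])]

if __name__ == "__main__":
    for v in ("10.0.0.0/22", "10.0.*.*", "*.*.*.17"):
        print(v, search(EVENTS, "sip", v))
```

A wildcard in a middle or leading quad does not describe a contiguous range, which is why the sketch matches quad by quad instead of computing a low and high bound.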