New addition to our Search Language - IN keyword

We wanted to give you a simple and easy way to search through your logs using a list.

A real-life use case would be searching through your firewall logs.

Original query:

    where(connection_status=/accept/i AND direction!=/outbound/i AND
    source_address!=/10\..*|127\..*|172\.(1[6-9]|2[0-9]|3[01])\..*|192\.168\..*/ AND
    destination_port=/3389|5938|5900/) groupby(geoip_country_name) limit(1000)

The new equivalent query, written with lists:

  • Simply enumerates your private IP addresses and ports
  • Needs no regex for subnet checking
  • Operates on IP addresses and numeric ports rather than strings
  • Does not need the key specified each time

    where(connection_status=/accept/i AND direction!=/outbound/i AND
    source_address NOT IN [IP(, IP(, IP(172, 16.0.0/16), IP(] AND
    destination_port IN [3389, 5938, 5900]) groupby(geoip_country_name) limit(1000)
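
To see why matching on IP addresses and numeric ports differs from matching on strings, here is an added Python example (not part of the original post or of the product) that runs both styles of filter over constructed firewall events. It assumes the regex is applied as an unanchored search and that the list holds the RFC 1918 ranges plus loopback; the query language's own matching rules may differ.

```python
import ipaddress
import re

# Regexes from the original query. ASSUMPTION: applied as unanchored searches.
PRIVATE_RE = re.compile(
    r"10\..*|127\..*|172\.(1[6-9]|2[0-9]|3[01])\..*|192\.168\..*")
PORT_RE = re.compile(r"3389|5938|5900")

# ASSUMPTION: list contents are the RFC 1918 ranges plus loopback.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REMOTE_PORTS = {3389, 5938, 5900}

FIELDS = ("connection_status", "direction", "source_address", "destination_port")
# Constructed sample events, not real log data.
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("ACCEPT", "inbound", "203.0.113.7", "3389"),    # public source, listed port
    ("ACCEPT", "inbound", "10.1.2.3", "3389"),       # private source
    ("ACCEPT", "inbound", "172.20.5.5", "5900"),     # private source
    ("ACCEPT", "inbound", "110.20.30.40", "5900"),   # public, but contains "10."
    ("ACCEPT", "inbound", "198.51.100.9", "13389"),  # port contains "3389"
    ("DROP", "inbound", "192.0.2.44", "5938"),       # not accepted
]]

def accepted_inbound(e):
    """Shared part of both queries: accepted and not outbound."""
    return ("accept" in e["connection_status"].lower()
            and "outbound" not in e["direction"].lower())

def match_regex(e):
    """String matching, in the style of the original query."""
    return (accepted_inbound(e)
            and not PRIVATE_RE.search(e["source_address"])
            and PORT_RE.search(e["destination_port"]) is not None)

def match_in_list(e):
    """Typed matching: CIDR membership and integer port comparison."""
    addr = ipaddress.ip_address(e["source_address"])
    return (accepted_inbound(e)
            and not any(addr in net for net in PRIVATE_NETS)
            and int(e["destination_port"]) in REMOTE_PORTS)

def sources(matcher):
    """Source addresses of the events a matcher selects, in input order."""
    return [e["source_address"] for e in EVENTS if matcher(e)]

if __name__ == "__main__":
    print("regex  :", sources(match_regex))
    print("in-list:", sources(match_in_list))
```

Under these assumptions the string filter drops the public address 110.20.30.40 and keeps the connection to port 13389, while the typed filter does neither.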

Let us know what you think :slight_smile: