Scalar functions

IP functions

IP-prefix notation

IP addresses can be defined with IP-prefix notation using a slash (/) character. The IP address to the LEFT of the slash (/*) is the base IP address. The number (1 to 32) to the RIGHT of the slash (/) is the number of contiguous 1 bit in the netmask.

For example, 192.168.2.0/24 will have an associated net/subnetmask containing 24 contiguous bits or 255.255.255.0 in dotted decimal format.

format_ipv4()

Parses input with a netmask and returns string representing IPv4 address.

Arguments

• Expr(IP): A string or number representation of the IPv4 address.

Returns

If conversion is successful, the result will be a string representing IPv4 address. If conversion isn't successful, the result will be an empty string.

Example

format_ipv4(ip)

['sample-http-logs']
| project str_ipv4 = format_ipv4("192.168.2.0")

parse_ipv4()

Converts IPv4 string to long (signed 64-bit) number representation.

Arguments

• Expr: String expression representing IPv4 that will be converted to long. String may include net-mask using IP-prefix notation.

Returns

If conversion is successful, the result will be a long number. If conversion isn't successful, the result will be null.

Example

parse_ipv4(Expr)

['sample-http-logs']
| project parsed_ipv4 = parse_ipv4("192.168.2.0")

• Result

{
  "parsed_ipv4": 3232236032
}

parse_ipv4_mask()

Converts the input string of IPv4 and netmask to long number representation (signed 64-bit).

Arguments

• Expr: A string representation of the IPv4 address that will be converted to long.
• PrefixMask: An integer from 0 to 32 representing the number of most-significant bits that are taken into account.

Returns

If conversion is successful, the result will be a long number. If conversion isn't successful, the result will be null.

Example

parse_ipv4_mask(Expr, PrefixMask)

['sample-http-logs']
| project parsed_ipv4 = parse_ipv4_mask("192.5.1.4", 24)

• Result

{
  "parsed_ipv4": 3221553408
}

ipv4_is_in_range()

Checks if IPv4 string address is in IPv4-prefix notation range.

Arguments

• Ipv4Address: A string expression representing an IPv4 address.
• Ipv4Range: A string expression representing an IPv4 range using IP-prefix notation.

Returns

• true: If the long representation of the first IPv4 string argument is in range of the second IPv4 string argument.
• false: Otherwise.
• null: If conversion for one of the two IPv4 strings wasn't successful.

Examples

ipv4_is_in_range('192.168.1.5', '192.168.1.2/24')

ipv4_is_in_range("127.2.3.1", "127.2.3.1") == true

ipv4_is_in_range('192.168.1.5', '192.168.1.5/24') == true

ipv4_is_in_range('192.168.1.5', '192.168.2.1/24') == false

ipv4_is_private()

Checks if IPv4 string address belongs to a set of private network IPs.

Private IPv4 addresses

The private IPv4 addresses reserved for private networks by the Internet Assigned Numbers Authority (IANA) are:

Arguments

• Expr: A string expression representing an IPv4 address. IPv4 strings can be masked using IP-prefix notation.

Returns

• true: If the IPv4 address belongs to any of the private network ranges.
• false: Otherwise.
• null: If parsing of the input as IPv4 address string wasn't successful.

Example

ipv4_is_private('192.168.2.1') == true

ipv4_is_private('208.1.2.3') == false

ipv4_netmask_suffix()

Returns the value of the IPv4 netmask suffix from IPv4 string address.

Arguments

Expr: A string expression representing an IPv4 address. IPv4 strings can be masked using IP-prefix notation.

Returns

• The value of the netmask suffix the IPv4 address. If suffix is not present in the input, a value of 32 (full netmask suffix) is returned.

• null: If parsing of the input as IPv4 address string wasn't successful.

Example

ipv4_netmask_suffix('192.164.2.2/24') == 24

ipv4_netmask_suffix('192.166.1.2') == 32