Scalar functions

IP functions

Function NameDescription
format_ipv4()Parses input with a netmask and returns string representing IPv4 address.
parse_ipv4()Converts input to long (signed 64-bit) number representation.
parse_ipv4_mask()Converts input string and IP-prefix mask to long (signed 64-bit) number representation.
ipv4_is_in_range()Checks if IPv4 string address is in IPv4-prefix notation range.
ipv4_is_private()Checks if IPv4 string address belongs to a set of private network IPs.
ipv4_netmask_suffix()Returns the value of the IPv4 netmask suffix from IPv4 string address.

IP-prefix notation

IP addresses can be defined with IP-prefix notation using a slash (/) character. The IP address to the LEFT of the slash (/*) is the base IP address. The number (1 to 32) to the RIGHT of the slash (/) is the number of contiguous 1 bit in the netmask.

For example, 192.168.2.0/24 will have an associated net/subnetmask containing 24 contiguous bits or 255.255.255.0 in dotted decimal format.


format_ipv4()

Parses input with a netmask and returns string representing IPv4 address.

Arguments

  • Expr(IP): A string or number representation of the IPv4 address.

Returns

If conversion is successful, the result will be a string representing IPv4 address. If conversion isn't successful, the result will be an empty string.

Example

format_ipv4(ip)
['sample-http-logs']
| project str_ipv4 = format_ipv4("192.168.2.0")

parse_ipv4()

Converts IPv4 string to long (signed 64-bit) number representation.

Arguments

  • Expr: String expression representing IPv4 that will be converted to long. String may include net-mask using IP-prefix notation.

Returns

If conversion is successful, the result will be a long number. If conversion isn't successful, the result will be null.

Example

parse_ipv4(Expr)
['sample-http-logs']
| project parsed_ipv4 = parse_ipv4("192.168.2.0")
  • Result
{
  "parsed_ipv4": 3232236032
}

parse_ipv4_mask()

Converts the input string of IPv4 and netmask to long number representation (signed 64-bit).

Arguments

  • Expr: A string representation of the IPv4 address that will be converted to long.
  • PrefixMask: An integer from 0 to 32 representing the number of most-significant bits that are taken into account.

Returns

If conversion is successful, the result will be a long number. If conversion isn't successful, the result will be null.

Example

parse_ipv4_mask(Expr, PrefixMask)
['sample-http-logs']
| project parsed_ipv4 = parse_ipv4_mask("192.5.1.4", 24)
  • Result
{
  "parsed_ipv4": 3221553408
}

ipv4_is_in_range()

Checks if IPv4 string address is in IPv4-prefix notation range.

Arguments

  • Ipv4Address: A string expression representing an IPv4 address.
  • Ipv4Range: A string expression representing an IPv4 range using IP-prefix notation.

Returns

  • true: If the long representation of the first IPv4 string argument is in range of the second IPv4 string argument.
  • false: Otherwise.
  • null: If conversion for one of the two IPv4 strings wasn't successful.

Examples

ipv4_is_in_range('192.168.1.5', '192.168.1.2/24')
ipv4_is_in_range("127.2.3.1", "127.2.3.1") == true
ipv4_is_in_range('192.168.1.5', '192.168.1.5/24') == true
ipv4_is_in_range('192.168.1.5', '192.168.2.1/24') == false

ipv4_is_private()

Checks if IPv4 string address belongs to a set of private network IPs.

Private IPv4 addresses

The private IPv4 addresses reserved for private networks by the Internet Assigned Numbers Authority (IANA) are:

IP address rangeNumber of addressesLargest CIDR block (subnet mask)
10.0.0.0 – 10.255.255.2551677721610.0.0.0/8 (255.0.0.0)
172.16.0.0 – 172.31.255.2551048576172.16.0.0/12 (255.240.0.0)
192.168.0.0 – 192.168.255.25565536192.168.0.0/16 (255.255.0.0)

Arguments

  • Expr: A string expression representing an IPv4 address. IPv4 strings can be masked using IP-prefix notation.

Returns

  • true: If the IPv4 address belongs to any of the private network ranges.
  • false: Otherwise.
  • null: If parsing of the input as IPv4 address string wasn't successful.

Example

ipv4_is_private('192.168.2.1') == true
ipv4_is_private('208.1.2.3') == false

ipv4_netmask_suffix()

Returns the value of the IPv4 netmask suffix from IPv4 string address.

Arguments

Expr: A string expression representing an IPv4 address. IPv4 strings can be masked using IP-prefix notation.

Returns

  • The value of the netmask suffix the IPv4 address. If suffix is not present in the input, a value of 32 (full netmask suffix) is returned.

  • null: If parsing of the input as IPv4 address string wasn't successful.

Example

ipv4_netmask_suffix('192.164.2.2/24') == 24
ipv4_netmask_suffix('192.166.1.2') == 32

Was this page helpful?