has_any_ipv4_prefix
This page explains how to use the has_any_ipv4_prefix function in APL.
The
Run in Playground
Output
has_any_ipv4_prefix function in APL lets you determine if an IPv4 address starts with any prefix in a list of specified prefixes. This function is particularly useful for filtering, segmenting, and analyzing data involving IP addresses, such as log data, network traffic, or security events. By efficiently checking prefixes, you can identify IP ranges of interest for purposes like geolocation, access control, or anomaly detection.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.Splunk SPL users
Splunk SPL users
In Splunk SPL, checking if an IP address matches a prefix requires custom search logic with pattern matching or conditional expressions. In APL,
has_any_ipv4_prefix provides a direct and optimized way to perform this check.ANSI SQL users
ANSI SQL users
In ANSI SQL, you need to use
LIKE clauses combined with OR operators to check prefixes. In APL, the has_any_ipv4_prefix function simplifies this process by accepting a dynamic list of prefixes.Usage
Syntax
Parameters
| Parameter | Type | Description |
|---|---|---|
ip_column | string | The column containing the IPv4 address. |
prefixes | dynamic | A list of IPv4 prefixes to check against. |
Returns
trueif the IPv4 address matches any of the specified prefixes.falseotherwise.
Use case example
Detect requests from specific IP ranges. Query| _time | has_ip_prefix | status |
|---|---|---|
| 2024-11-14T10:00:00 | true | 200 |
List of related functions
- has_any_ipv4: Matches any IP address in a string column with a list of IP addresses or ranges.
- has_ipv4_prefix: Checks if an IPv4 address matches a single prefix.
- has_ipv4: Checks if a single IP address is present in a string column.