The ipv4_is_in_any_range function checks whether a given IPv4 address belongs to any range of IPv4 subnets. You can use it to evaluate whether an IP address falls within a set of CIDR blocks or IP ranges, which is useful for filtering, monitoring, or analyzing network traffic in your datasets.

This function is particularly helpful for security monitoring, analyzing log data for specific geolocated traffic, or validating access based on allowed IP ranges.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

ipv4_is_in_any_range(ip_address: string, ranges: dynamic)

Parameters

ParameterTypeDescription
ip_addressstringThe IPv4 address to evaluate.
rangesdynamicA list of IPv4 ranges or CIDR blocks to check against (in JSON array form).

Returns

  • true if the IP address is in any specified range.
  • false otherwise.
  • null if the conversion of a string wasn’t successful.

Use case example

Identify log entries from specific subnets, such as local office IP ranges.

Query

['sample-http-logs'] 
| extend is_in_range = ipv4_is_in_any_range('192.168.0.0', dynamic(['192.168.0.0/24', '10.0.0.0/8']))

Run in Playground

Output

_timeidmethoduristatusis_in_range
2024-11-14 10:00:00user123GET/home200true
  • ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
  • ipv4_is_in_range: Checks if an IP address is within a specified range.
  • ipv4_is_private: Checks if an IPv4 address is within private IP ranges.
  • parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.