This page explains how to use the ipv6_is_in_range function in APL.
ipv6_is_in_range
function to check whether an IPv6 address falls within a specified IPv6 CIDR range. This is useful when you need to classify, filter, or segment network traffic by address range—such as identifying requests from internal subnets, geo-localized regional blocks, or known malicious networks.
You can use this function when analyzing HTTP logs, trace telemetry, or security events where IPv6 addresses are present, and you want to restrict attention to or exclude certain address ranges.
Splunk SPL users
ipv6_is_in_range
.ANSI SQL users
ipv6_is_in_range
provides this capability out of the box.Name | Type | Description |
---|---|---|
ipv6 | string | The IPv6 address to check. |
cidr_range | string | The IPv6 CIDR block (e.g. '2001:db8::/32' ). |
bool
value:
true
if the IPv6 address is within the specified CIDR range.false
otherwise._time | span_id | [‘service.name’] | duration | inRange |
---|---|---|---|---|
2025-06-28T11:20:00Z | span-124 | frontend | 00:00:02.4 | true |
2025-06-28T11:21:03Z | span-209 | cartservice | 00:00:01.1 | true |