has_any_ipv4
This page explains how to use the has_any_ipv4 function in APL.
The
Run in Playground
Output
This query identifies log entries from specific IPs or subnets.
has_any_ipv4 function in Axiom Processing Language (APL) allows you to check whether a specified column contains any IPv4 addresses from a given set of IPv4 addresses or CIDR ranges. This function is useful when analyzing logs, tracing OpenTelemetry data, or investigating security events to quickly filter records based on a predefined list of IP addresses or subnets.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.Splunk SPL users
Splunk SPL users
In Splunk, you typically use the
cidrmatch or similar functions for working with IP ranges. In APL, has_any_ipv4 offers similar functionality by matching any IPv4 address in a column against multiple values or ranges.ANSI SQL users
ANSI SQL users
SQL does not natively support CIDR matching or IP address comparison out of the box. In APL, the
has_any_ipv4 function is designed to simplify these checks with concise syntax.Usage
Syntax
Parameters
| Parameter | Description | Type |
|---|---|---|
column | The column to evaluate. | string |
ip_list | A list of IPv4 addresses or CIDR ranges. | dynamic |
Returns
A boolean value indicating whether the specified column contains any of the given IPv4 addresses or matches any of the CIDR ranges inip_list.
Use case example
When analyzing logs, you can usehas_any_ipv4 to filter requests from specific IPv4 addresses or subnets.
Query
| _time | has_ip | status |
|---|---|---|
| 2024-11-14T10:00:00 | true | 200 |
List of related functions
- has_ipv4_prefix: Checks if an IPv4 address matches a single prefix.
- has_ipv4: Checks if a single IP address is present in a string column.