ipv4_is_in_range
This page explains how to use the ipv4_is_in_range function in APL.
The ipv4_is_in_range function in Axiom Processing Language (APL) determines whether an IPv4 address falls within a specified range of addresses. This function is particularly useful for filtering or grouping logs based on geographic regions, network blocks, or security zones.
You can use this function to:
- Analyze logs for requests originating from specific IP address ranges.
- Detect unauthorized or suspicious activity by isolating traffic outside trusted IP ranges.
- Aggregate metrics for specific IP blocks or subnets.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
The ipv4_is_in_range function in APL operates similarly to the cidrmatch function in Splunk SPL. Both determine whether an IP address belongs to a specified range, but APL uses a different syntax and format.
ANSI SQL users
ANSI SQL doesn’t have a built-in equivalent for determining if an IP address belongs to a CIDR range. In SQL, you would typically need custom functions or expressions to achieve this. APL’s ipv4_is_in_range provides a concise way to perform this operation.
Usage
Syntax
Parameters
Parameter | Type | Description |
---|---|---|
ip | string | The IPv4 address to evaluate. |
range | string | The IPv4 range in CIDR notation (e.g., 192.168.1.0/24). |
Returns
- true if the IPv4 address is in the range.
- false otherwise.
- null if the conversion of a string wasn’t successful.
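The three return values matter when the function backs a check for traffic outside trusted ranges, because a malformed address yields null rather than false. The following Python sketch is an added example, not Axiom's implementation or code from this page: it models the documented return values with Python's ipaddress module, and the helper names, trusted ranges, and log records are constructed for illustration.

```python
import ipaddress

# Constructed trusted ranges and log records, for illustration only.
TRUSTED_RANGES = ["192.168.1.0/24", "10.20.0.0/16"]
SAMPLE_LOGS = [
    {"id": 1, "client_ip": "192.168.1.77"},
    {"id": 2, "client_ip": "10.20.255.4"},
    {"id": 3, "client_ip": "203.0.113.9"},
    {"id": 4, "client_ip": "192.168.1.256"},  # octet out of range
    {"id": 5, "client_ip": "-"},              # placeholder instead of an address
]


def ipv4_is_in_range(ip, cidr):
    """Model of the documented results: True, False, or None (null)."""
    if not isinstance(ip, str) or not isinstance(cidr, str):
        return None
    try:
        addr = ipaddress.IPv4Address(ip)
        # strict=False masks host bits in the range (an assumption of this model).
        net = ipaddress.IPv4Network(cidr, strict=False)
    except ValueError:  # covers AddressValueError and NetmaskValueError
        return None
    return addr in net


def classify(ip, ranges=TRUSTED_RANGES):
    """Return 'trusted', 'outside', or 'unparsed' for one address."""
    results = [ipv4_is_in_range(ip, r) for r in ranges]
    if any(r is True for r in results):
        return "trusted"
    if any(r is None for r in results):
        return "unparsed"  # null: neither inside nor outside, needs review
    return "outside"


def triage(logs):
    """Group record ids by classification so null results are not lost."""
    buckets = {"trusted": [], "outside": [], "unparsed": []}
    for rec in logs:
        buckets[classify(rec["client_ip"])].append(rec["id"])
    return buckets


if __name__ == "__main__":
    print(triage(SAMPLE_LOGS))
```

In this model, a filter that keeps only rows where the result is false would skip records 4 and 5, which is why the unparsed bucket is reported separately.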
Use case example
You can use ipv4_is_in_range to identify traffic from specific geographic regions or service provider IP blocks.
Query
Output
geo.city | in_range |
---|---|
Seattle | true |
Denver | true |
This query identifies the number of requests from IP addresses in the specified range.
List of related functions
- ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
- ipv4_is_private: Checks if an IPv4 address is within private IP ranges.
- parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.