The ipv4_is_in_range function in Axiom Processing Language (APL) determines whether an IPv4 address falls within a specified range of addresses. This function is particularly useful for filtering or grouping logs based on geographic regions, network blocks, or security zones. You can use this function to:
  • Analyze logs for requests originating from specific IP address ranges.
  • Detect unauthorized or suspicious activity by isolating traffic outside trusted IP ranges.
  • Aggregate metrics for specific IP blocks or subnets.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

ipv4_is_in_range(ip: string, range: string)

Parameters

ParameterTypeDescription
ipstringThe IPv4 address to evaluate.
rangestringThe IPv4 range in CIDR notation (e.g., 192.168.1.0/24).

Returns

  • true if the IPv4 address is in the range.
  • false otherwise.
  • null if the conversion of a string wasn’t successful.

Use case example

You can use ipv4_is_in_range to identify traffic from specific geographic regions or service provider IP blocks. Query 
['sample-http-logs']
| extend in_range = ipv4_is_in_range('192.168.1.0', '192.168.1.0/24')
Run in Playground Output
geo.cityin_range
Seattletrue
Denvertrue
This query identifies the number of requests from IP addresses in the specified range.
  • ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
  • ipv4_is_private: Checks if an IPv4 address is within private IP ranges.
  • parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.