This page explains how to use the ipv4_is_private function in APL.
ipv4_is_private
function determines if an IPv4 address belongs to a private range, as defined by RFC 1918. You can use this function to filter private addresses in datasets such as server logs, network traffic, and other IP-based data.
This function is especially useful in scenarios where you want to:
IP address range | Number of addresses | Largest CIDR block (subnet mask) |
---|---|---|
10.0.0.0 – 10.255.255.255 | 16777216 | 10.0.0.0/8 (255.0.0.0) |
172.16.0.0 – 172.31.255.255 | 1048576 | 172.16.0.0/12 (255.240.0.0) |
192.168.0.0 – 192.168.255.255 | 65536 | 192.168.0.0/16 (255.255.0.0) |
Splunk SPL users
ipv4_is_private
function offers a built-in and concise way to achieve the same result.ANSI SQL users
CASE
statements with CIDR-based checks or regex patterns to detect private IPs. In APL, the ipv4_is_private
function simplifies this with a single call.Parameter | Type | Description |
---|---|---|
ip | string | The IPv4 address to evaluate for private range status. |
true
: The input IP address is private.false
: The input IP address is not private.ipv4_is_private
to filter logs and focus on public traffic for external analysis.
Query
geo.country | is_private |
---|---|
USA | true |
UK | true |