Use the ipv6_is_match function to determine whether an IPv6 address belongs to a specified IPv6 subnet. This function is useful when you want to classify, filter, or route network events based on IPv6 subnet membership.

You can use ipv6_is_match in scenarios such as identifying traffic from a known address range, enforcing access control policies, or correlating logs to specific networks. It supports CIDR notation for subnet specification and returns a boolean value for each row in your dataset.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

ipv6_is_match(ipv6_address, ipv6_subnet)

Parameters

NameTypeDescription
ipv6_addressstringThe full IPv6 address you want to check.
ipv6_subnetstringThe target subnet in CIDR notation, e.g., 2001:db8::/32.

Returns

A boolean value:

  • true if the ipv6_address belongs to the specified ipv6_subnet.
  • false otherwise.

Example

Identify requests that originate from a known IPv6 subnet.

Query

['sample-http-logs']
| extend isInternal = ipv6_is_match('2001:db8:abcd::1', '2001:db8::/32')
| project _time, uri, method, status, isInternal

Run in Playground

Output

_timeurimethodstatusisInternal
2025-06-28T13:04:10Z/healthGET200true
2025-06-28T13:05:22Z/api/ordersPOST201true
  • ipv4_is_match: Checks whether an IPv4 address belongs to a specified IPv4 subnet. Use it when working with IPv4 addresses.
  • parse_ipv4: Parses a string into an IPv4 address. Use it when working with raw IPv4 strings.