Skip to main content
The ipv4_compare function in APL allows you to compare two IPv4 addresses lexicographically or numerically. This is useful for sorting IP addresses, validating CIDR ranges, or detecting overlaps between IP ranges. It’s particularly helpful in analyzing network logs, performing security investigations, and managing IP-based filters or rules.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, similar functionality can be achieved using sort or custom commands. In APL, ipv4_compare is a dedicated function for comparing two IPv4 addresses.
In ANSI SQL, you might manually parse or order IP addresses as strings. In APL, ipv4_compare simplifies this task with built-in support for IPv4 comparison.

Usage

Syntax

Parameters

Returns

  • -1 if ip1 is less than ip2
  • 0 if ip1 is equal to ip2
  • 1 if ip1 is greater than ip2

Use case example

You can use ipv4_compare to sort logs based on IP addresses or to identify connections between specific IPs. Query
Run in Playground Output This query compares two hardcoded IP addresses. It returns -1, indicating that 192.168.1.1 is lexicographically less than 192.168.1.10.
  • ipv4_is_in_range: Checks if an IP address is within a specified range.
  • ipv4_is_private: Checks if an IPv4 address is within private IP ranges.
  • parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.