ipv4_compare
This page explains how to use the ipv4_compare function in APL.
The ipv4_compare function in APL allows you to compare two IPv4 addresses lexicographically or numerically. This is useful for sorting IP addresses, validating CIDR ranges, or detecting overlaps between IP ranges. It’s particularly helpful in analyzing network logs, performing security investigations, and managing IP-based filters or rules.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
Splunk SPL users
In Splunk SPL, similar functionality can be achieved using sort or custom commands. In APL, ipv4_compare is a dedicated function for comparing two IPv4 addresses.
ANSI SQL users
ANSI SQL users
In ANSI SQL, you might manually parse or order IP addresses as strings. In APL, ipv4_compare simplifies this task with built-in support for IPv4 comparison.
Usage
Syntax
Parameters
| Parameter | Type | Description |
|---|---|---|
ip1 | string | The first IPv4 address to compare. |
ip2 | string | The second IPv4 address to compare. |
Returns
-1ifip1is less thanip20ifip1is equal toip21ifip1is greater thanip2
Use case example
You can use ipv4_compare to sort logs based on IP addresses or to identify connections between specific IPs.
Query
Output
| ip1 | ip2 | comparison |
|---|---|---|
| 192.168.1.1 | 192.168.1.10 | -1 |
This query compares two hardcoded IP addresses. It returns -1, indicating that 192.168.1.1 is lexicographically less than 192.168.1.10.
List of related functions
- ipv4_is_in_range: Checks if an IP address is within a specified range.
- ipv4_is_private: Checks if an IPv4 address is within private IP ranges.
- parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.
ipv4_compare
This page explains how to use the ipv4_compare function in APL.
The ipv4_compare function in APL allows you to compare two IPv4 addresses lexicographically or numerically. This is useful for sorting IP addresses, validating CIDR ranges, or detecting overlaps between IP ranges. It’s particularly helpful in analyzing network logs, performing security investigations, and managing IP-based filters or rules.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
Splunk SPL users
In Splunk SPL, similar functionality can be achieved using sort or custom commands. In APL, ipv4_compare is a dedicated function for comparing two IPv4 addresses.
ANSI SQL users
ANSI SQL users
In ANSI SQL, you might manually parse or order IP addresses as strings. In APL, ipv4_compare simplifies this task with built-in support for IPv4 comparison.
Usage
Syntax
Parameters
| Parameter | Type | Description |
|---|---|---|
ip1 | string | The first IPv4 address to compare. |
ip2 | string | The second IPv4 address to compare. |
Returns
-1ifip1is less thanip20ifip1is equal toip21ifip1is greater thanip2
Use case example
You can use ipv4_compare to sort logs based on IP addresses or to identify connections between specific IPs.
Query
Output
| ip1 | ip2 | comparison |
|---|---|---|
| 192.168.1.1 | 192.168.1.10 | -1 |
This query compares two hardcoded IP addresses. It returns -1, indicating that 192.168.1.1 is lexicographically less than 192.168.1.10.
List of related functions
- ipv4_is_in_range: Checks if an IP address is within a specified range.
- ipv4_is_private: Checks if an IPv4 address is within private IP ranges.
- parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.