This page explains how to use the ipv4_is_in_any_range function in APL.
The ipv4_is_in_any_range function checks whether a given IPv4 address belongs to any range of IPv4 subnets. You can use it to evaluate whether an IP address falls within a set of CIDR blocks or IP ranges, which is useful for filtering, monitoring, or analyzing network traffic in your datasets.
This function is particularly helpful for security monitoring, analyzing log data for specific geolocated traffic, or validating access based on allowed IP ranges.
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
In Splunk SPL, you use cidrmatch to check if an IP belongs to a range. In APL, ipv4_is_in_any_range is equivalent, but it supports evaluating against multiple ranges simultaneously.
ANSI SQL users
ANSI SQL does not have a built-in function for checking IP ranges. Instead, you use custom functions or comparisons. APL’s ipv4_is_in_any_range simplifies this by handling multiple CIDR blocks and ranges in a single function.
Parameter | Type | Description |
---|---|---|
ip_address | string | The IPv4 address to evaluate. |
ranges | dynamic | A list of IPv4 ranges or CIDR blocks to check against (in JSON array form). |
- true if the IP address is in any specified range.
- false otherwise.
- null if the conversion of a string wasn’t successful.

Identify log entries from specific subnets, such as local office IP ranges.
Query
Output
_time | id | method | uri | status | is_in_range |
---|---|---|---|---|---|
2024-11-14 10:00:00 | user123 | GET | /home | 200 | true |
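
The following query is an added example, not part of the original page: it uses the function for an allow-list audit and keeps the three return values apart, so addresses that fail conversion are reported separately instead of being counted as outside the ranges. The dataset name ['http-logs'], the client_ip field, and the CIDR blocks are assumptions made for illustration.

```kusto
// Hypothetical dataset and field names: ['http-logs'], client_ip.
// The CIDR blocks are constructed sample values for an office allow-list.
['http-logs']
| extend is_in_range = ipv4_is_in_any_range(client_ip, dynamic(['192.168.1.0/24', '10.0.0.0/8']))
// A null result means client_ip could not be converted to an IPv4 address,
// so it is neither inside nor outside the allow-list and gets its own label.
| extend source = case(
    isnull(is_in_range), 'unparseable',
    is_in_range, 'allowed',
    'outside')
// Review everything that did not positively match an allowed range.
| where source != 'allowed'
| summarize requests = count(), last_seen = max(_time) by source, client_ip, method, uri
| order by requests desc
```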