Skip to main content
The parse_ipv4 function in APL extracts the four octets of an IPv4 address and represents them as integers. You can use this function to break down an IPv4 address into its constituent components for advanced analysis, filtering, or comparisons. It is especially useful for tasks like analyzing network traffic logs, identifying trends in IP address usage, or performing security-related queries.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, extracting IPv4 components requires using regular expressions or string manipulation. APL simplifies this process with the dedicated parse_ipv4 function.
In ANSI SQL, breaking down an IPv4 address often requires using functions like SUBSTRING or SPLIT. APL offers the parse_ipv4 function as a straightforward alternative.

Usage

Syntax

Parameters

Returns

The function returns an array of four integers, each representing an octet of the IPv4 address.

Use case example

You can use the parse_ipv4 function to analyze web traffic by breaking down user IP addresses into octets. Query
Run in Playground Output
  • has_any_ipv4: Matches any IP address in a string column with a list of IP addresses or ranges.
  • has_ipv4_prefix: Checks if an IPv4 address matches a single prefix.
  • has_ipv4: Checks if a single IP address is present in a string column.
  • ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
  • ipv4_is_in_range: Checks if an IP address is within a specified range.
  • ipv4_is_private: Checks if an IPv4 address is within private IP ranges.