has_ipv4
This page explains how to use the has_ipv4 function in APL.
Introduction
The has_ipv4
function in Axiom Processing Language (APL) allows you to check if a specified IPv4 address appears in a given text. The function is useful for tasks such as analyzing logs, monitoring security events, and processing network data where you need to identify or filter entries based on IP addresses.
To use has_ipv4
, ensure that IP addresses in the text are properly delimited with non-alphanumeric characters. For example:
- Valid:
192.168.1.1
in"Requests from: 192.168.1.1, 10.1.1.115."
- Invalid:
192.168.1.1
in"192.168.1.1ThisText"
The function returns true
if the IP address is valid and present in the text; otherwise, it returns false
.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Usage
Syntax
Parameters
Name | Type | Description |
---|---|---|
source | string | The source text where to search for the IP address. |
ip_address | string | The IP address to look for in the source. |
Returns
true
ifip_address
is a valid IP address and is found insource
.false
otherwise.
Use case example
Identify requests coming from a specific IP address in HTTP logs.
Query
Output
_time | has_ip | status |
---|---|---|
2024-11-14T10:00:00 | true | 200 |
List of related functions
- has_any_ipv4: Matches any IP address in a string column with a list of IP addresses or ranges.
- has_ipv4_prefix: Checks if an IPv4 address matches a single prefix.