IP functions
ipv4_is_in_range
This page explains how to use the ipv4_is_in_range function in APL.
The ipv4_is_in_range
function in Axiom Processing Language (APL) determines whether an IPv4 address falls within a specified range of addresses. This function is particularly useful for filtering or grouping logs based on geographic regions, network blocks, or security zones.
You can use this function to:
- Analyze logs for requests originating from specific IP address ranges.
- Detect unauthorized or suspicious activity by isolating traffic outside trusted IP ranges.
- Aggregate metrics for specific IP blocks or subnets.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Usage
Syntax
Parameters
Parameter | Type | Description |
---|---|---|
ip | string | The IPv4 address to evaluate. |
range | string | The IPv4 range in CIDR notation (e.g., 192.168.1.0/24 ). |
Returns
true
if the IPv4 address is in the range.false
otherwise.null
if the conversion of a string wasn’t successful.
Use case example
You can use ipv4_is_in_range
to identify traffic from specific geographic regions or service provider IP blocks.
Query
Output
geo.city | in_range |
---|---|
Seattle | true |
Denver | true |
This query identifies the number of requests from IP addresses in the specified range.
List of related functions
- ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
- ipv4_is_private: Checks if an IPv4 address is within private IP ranges.
- parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.