has_ipv4()
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Returns a value indicating whether a specified IPv4 address appears in a text.
IP address entrances in a text must be properly delimited with non-alphanumeric characters. For example, properly delimited IP addresses are:
- "These requests came from: 192.168.1.1, 10.1.1.115 and 10.1.1.201"
- "05:04:54 127.0.0.1 GET /favicon.ico 404"
Syntax
has_ipv4(
source ,
ip_address )
Learn more about syntax conventions.
Parameters
Name | Type | Required | Description |
---|---|---|---|
source | string |
✔️ | The text to search. |
ip_address | string |
✔️ | The value containing the IP address for which to search. |
Returns
true
if the ip_address is a valid IPv4 address, and it was found in source. Otherwise, the function returns false
.
Tip
- To search for many IPv4 addresses at once, use has_any_ipv4() function.
- To search for IPv4 addresses prefix, use has_ipv4_prefix() function.
Examples
Properly formatted IP address
print result=has_ipv4('05:04:54 127.0.0.1 GET /favicon.ico 404', '127.0.0.1')
Output
result |
---|
true |
Invalid IP address
print result=has_ipv4('05:04:54 127.0.0.256 GET /favicon.ico 404', '127.0.0.256')
Output
result |
---|
false |
Improperly delimited IP
print result=has_ipv4('05:04:54127.0.0.1 GET /favicon.ico 404', '127.0.0.1')
Output
result |
---|
false |