ipv4_is_in_range()
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Checks if IPv4 string address is in IPv4-prefix notation range.
Syntax
ipv4_is_in_range(
Ipv4Address,
Ipv4Range)
Learn more about syntax conventions.
Parameters
Name | Type | Required | Description |
---|---|---|---|
Ipv4Address | string |
✔️ | An expression representing an IPv4 address. |
Ipv4Range | string |
✔️ | An IPv4 range or list of IPv4 ranges written with IP-prefix notation. |
IP-prefix notation
IP-prefix notation (also known as CIDR notation) is a concise way of representing an IP address and its associated network mask. The format is <base IP>/<prefix length>
, where the prefix length is the number of leading 1 bits in the netmask. The prefix length determines the range of IP addresses that belong to the network.
For IPv4, the prefix length is a number between 0 and 32. So the notation 192.168.2.0/24 represents the IP address 192.168.2.0 with a netmask of 255.255.255.0. This netmask has 24 leading 1 bits, or a prefix length of 24.
For IPv6, the prefix length is a number between 0 and 128. So the notation fe80::85d:e82c:9446:7994/120 represents the IP address fe80::85d:e82c:9446:7994 with a netmask of ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00. This netmask has 120 leading 1 bits, or a prefix length of 120.
Returns
true
: If the long representation of the first IPv4 string argument is in range of the second IPv4 string argument.false
: Otherwise.null
: If conversion for one of the two IPv4 strings wasn't successful.
Example
datatable(ip_address:string, ip_range:string)
[
'192.168.1.1', '192.168.1.1', // Equal IPs
'192.168.1.1', '192.168.1.255/24', // 24 bit IP-prefix is used for comparison
]
| extend result = ipv4_is_in_range(ip_address, ip_range)
Output
ip_address | ip_range | result |
---|---|---|
192.168.1.1 | 192.168.1.1 | true |
192.168.1.1 | 192.168.1.255/24 | true |
Related content
- Overview of IPv4/IPv6 functions
- Overview of IPv4 text match functions