ipv4_is_in_any_range()
Applies to: ✅ Microsoft Fabric ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Checks whether IPv4 string address is in any of the specified IPv4 address ranges.
Performance tips
Note
When more than 128 search terms are used, text index lookup optimization is disabled, which might lead to reduced query performance.
Syntax
ipv4_is_in_any_range(Ipv4Address , Ipv4Range [ , Ipv4Range ...] )
ipv4_is_in_any_range(Ipv4Address , Ipv4Ranges )
Learn more about syntax conventions.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| Ipv4Address | string |
✔️ | An expression representing an IPv4 address. |
| Ipv4Range | string |
✔️ | An IPv4 range or list of IPv4 ranges written with IP-prefix notation. |
| Ipv4Ranges | dynamic |
✔️ | A dynamic array containing IPv4 ranges written with IP-prefix notation. |
Note
Either one or more IPv4Range strings or an IPv4Ranges dynamic array is required.
IP-prefix notation
IP-prefix notation (also known as CIDR notation) is a concise way of representing an IP address and its associated network mask. The format is <base IP>/<prefix length>, where the prefix length is the number of leading 1 bits in the netmask. The prefix length determines the range of IP addresses that belong to the network.
For IPv4, the prefix length is a number between 0 and 32. So the notation 192.168.2.0/24 represents the IP address 192.168.2.0 with a netmask of 255.255.255.0. This netmask has 24 leading 1 bits, or a prefix length of 24.
For IPv6, the prefix length is a number between 0 and 128. So the notation fe80::85d:e82c:9446:7994/120 represents the IP address fe80::85d:e82c:9446:7994 with a netmask of ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00. This netmask has 120 leading 1 bits, or a prefix length of 120.
Returns
true: If the IPv4 address is in the range of any of the specified IPv4 networks.false: Otherwise.null: If conversion for one of the two IPv4 strings wasn't successful.
Examples
Syntax using list of strings
print Result=ipv4_is_in_any_range('192.168.1.6', '192.168.1.1/24', '10.0.0.1/8', '127.1.0.1/16')
Output
| Result |
|---|
| true |
Syntax using dynamic array
print Result=ipv4_is_in_any_range("127.0.0.1", dynamic(["127.0.0.1", "192.168.1.1"]))
Output
| Result |
|---|
| true |
Extend table with IPv4 range check
let LocalNetworks=dynamic([
"192.168.1.1/16",
"127.0.0.1/8",
"10.0.0.1/8"
]);
let IPs=datatable(IP:string) [
"10.1.2.3",
"192.168.1.5",
"123.1.11.21",
"1.1.1.1"
];
IPs
| extend IsLocal=ipv4_is_in_any_range(IP, LocalNetworks)
Output
| IP | IsLocal |
|---|---|
| 10.1.2.3 | true |
| 192.168.1.5 | true |
| 123.1.11.21 | false |
| 1.1.1.1 | false |
Related content
- Overview of IPv4/IPv6 functions
- Overview of IPv4 text match functions