## Description¶

Given an IPv4 address string in dotted-quad format on the left, and a subnet slashed-dotted-quad subnet string on the right, test whether the address on the left belongs to the subnet on the right. If the subnet string is missing the slash, the private or class network address will be derived. Note that lower order bits that are masked from the network address are ignored.

For more information on subnet specification, see the table of examples for ipv4_network_int64.

This function returns a boolean true if the address is considered part of the subnet, or false if it isn’t, or null if either address or subnet is not properly formatted.

bool

## Domain¶

This is a scalar function (calculates a single output value for a single input row.)

## Usage¶

ipv4_address_in_network( ipv4, netv4 )


Argument

Type

Required

Multiple

ipv4

string

Required

Only one

netv4

string

Required

Only one

## Examples¶

filter ipv4_address_in_network(addrstr, netstr)


If the given addrstr is considered to be within the network described by netstr, keep the event, else discard it.

netstr (input)

match (output)

comment

8.8.4.4

8.0.0.0

true

Class A match

11.0.0.1

10.0.0.1/8

false

CIDR mismatch

192.168.48.17

192.168.0.1

true

private network match

193.168.48.17

193.168.0.1

false

class C mismatch

193.168.48.17

193.168.0.0/16

true

CIDR match

10.0.0.1/16

10.0.0.1/8

null

localhost

10.0.0.1/8

null

2130706432

10.0.0.1/8

null

193.168.48.17

2130706432

null

invalid network