format_ipv4 function in APL converts a numeric representation of an IPv4 address into its standard dotted-decimal format. This function is particularly useful when working with logs or datasets where IP addresses are stored as integers, making them hard to interpret directly.
You can use format_ipv4 to enhance log readability, enrich security logs, or convert raw telemetry data for analysis.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.Splunk SPL users
Splunk SPL users
In Splunk SPL, IPv4 address conversion is typically not a built-in function. You may need to use custom scripts or calculations. APL simplifies this process with the
format_ipv4 function.ANSI SQL users
ANSI SQL users
ANSI SQL doesn’t have a built-in function for IPv4 formatting. You’d often use string manipulation or external utilities to achieve the same result. In APL,
format_ipv4 offers a straightforward solution.Usage
Syntax
Parameters
| Parameter | Type | Description |
|---|---|---|
ip | long | A numeric IPv4 address in network byte order. |
Returns
| Return type | Description |
|---|---|
string | The IPv4 address in dotted-decimal format. |
Use case example
When analyzing HTTP request logs, you can convert IP addresses stored as integers into a readable format to identify client locations or troubleshoot issues. Query| _time | formatted_ip | status | uri | method |
|---|---|---|---|---|
| 2024-11-14 10:00:00 | 192.168.1.0 | 200 | /api/products | GET |
List of related functions
- has_any_ipv4: Matches any IP address in a string column with a list of IP addresses or ranges.
- has_ipv4: Checks if a single IP address is present in a string column.
- ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
- parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.