parse_ipv4 function in APL extracts the four octets of an IPv4 address and represents them as integers. You can use this function to break down an IPv4 address into its constituent components for advanced analysis, filtering, or comparisons. It is especially useful for tasks like analyzing network traffic logs, identifying trends in IP address usage, or performing security-related queries.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.Splunk SPL users
Splunk SPL users
In Splunk SPL, extracting IPv4 components requires using regular expressions or string manipulation. APL simplifies this process with the dedicated
parse_ipv4 function.ANSI SQL users
ANSI SQL users
In ANSI SQL, breaking down an IPv4 address often requires using functions like
SUBSTRING or SPLIT. APL offers the parse_ipv4 function as a straightforward alternative.Usage
Syntax
Parameters
| Parameter | Type | Description |
|---|---|---|
ipv4_address | string | The IPv4 address to parse into integer octets. |
Returns
The function returns an array of four integers, each representing an octet of the IPv4 address.Use case example
You can use theparse_ipv4 function to analyze web traffic by breaking down user IP addresses into octets.
Query
| _time | uri | method | ip_octets |
|---|---|---|---|
| 2024-11-14T10:00:00 | /index.html | GET | 3,232,235,777 |
List of related functions
- has_any_ipv4: Matches any IP address in a string column with a list of IP addresses or ranges.
- has_ipv4_prefix: Checks if an IPv4 address matches a single prefix.
- has_ipv4: Checks if a single IP address is present in a string column.
- ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
- ipv4_is_in_range: Checks if an IP address is within a specified range.
- ipv4_is_private: Checks if an IPv4 address is within private IP ranges.