Abstract
Learn more about the Cortex Query Language incidr()
function.
Syntax
incidr(<IPv4_address>, <CIDR_range>)
Description
The incidr()
function accepts an IPv4 address, and an IPv4 range using CIDR notation, and returns true
if the address is in range.
Note
The first parameter must contain an IPv4 address contained in an IPv4 field. For production purposes, this IPv4 address will normally be carried in a field that you retrieve from a dataset. For manual usage, assign the IPv4 address to a field, and then use that field with this function.
Examples
alter my_ip = "192.168.10.14" | alter inrange = incidr(my_ip, "192.168.10.0/24") | fields inrange | limit 1