Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Compares two IPv4 strings. The two IPv4 strings are parsed and compared while accounting for the combined IP-prefix mask calculated from argument prefixes, and the optional PrefixMask argument.
ipv4_compare(Expr1,Expr2[ ,PrefixMask])
| Name | Type | Required | Description |
|---|---|---|---|
| Expr1, Expr2 | string |
✔️ | A string expression representing an IPv4 address. IPv4 strings can be masked using IP-prefix notation. |
| PrefixMask | int |
An integer from 0 to 32 representing the number of most-significant bits that are taken into account. |
IP-prefix notation (also known as CIDR notation) is a concise way of representing an IP address and its associated network mask. The format is <base IP>/<prefix length>, where the prefix length is the number of leading 1 bits in the netmask. The prefix length determines the range of IP addresses that belong to the network.
For IPv4, the prefix length is a number between 0 and 32. So the notation 192.168.2.0/24 represents the IP address 192.168.2.0 with a netmask of 255.255.255.0. This netmask has 24 leading 1 bits, or a prefix length of 24.
For IPv6, the prefix length is a number between 0 and 128. So the notation fe80::85d:e82c:9446:7994/120 represents the IP address fe80::85d:e82c:9446:7994 with a netmask of ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00. This netmask has 120 leading 1 bits, or a prefix length of 120.
0: If the long representation of the first IPv4 string argument is equal to the second IPv4 string argument1: If the long representation of the first IPv4 string argument is greater than the second IPv4 string argument-1: If the long representation of the first IPv4 string argument is less than the second IPv4 string argumentnull: If conversion for one of the two IPv4 strings wasn't successful.
datatable(ip1_string:string, ip2_string:string)
[
'192.168.1.0', '192.168.1.0', // Equal IPs
'192.168.1.1/24', '192.168.1.255', // 24 bit IP-prefix is used for comparison
'192.168.1.1', '192.168.1.255/24', // 24 bit IP-prefix is used for comparison
'192.168.1.1/30', '192.168.1.255/24', // 24 bit IP-prefix is used for comparison
]
| extend result = ipv4_compare(ip1_string, ip2_string)
Output
| ip1_string | ip2_string | result |
|---|---|---|
| 192.168.1.0 | 192.168.1.0 | 0 |
| 192.168.1.1/24 | 192.168.1.255 | 0 |
| 192.168.1.1 | 192.168.1.255/24 | 0 |
| 192.168.1.1/30 | 192.168.1.255/24 | 0 |
Compare IPs using IP-prefix notation specified inside the IPv4 strings and as additional argument of the ipv4_compare() function
datatable(ip1_string:string, ip2_string:string, prefix:long)
[
'192.168.1.1', '192.168.1.0', 31, // 31 bit IP-prefix is used for comparison
'192.168.1.1/24', '192.168.1.255', 31, // 24 bit IP-prefix is used for comparison
'192.168.1.1', '192.168.1.255', 24, // 24 bit IP-prefix is used for comparison
]
| extend result = ipv4_compare(ip1_string, ip2_string, prefix)
Output
| ip1_string | ip2_string | prefix | result |
|---|---|---|---|
| 192.168.1.1 | 192.168.1.0 | 31 | 0 |
| 192.168.1.1/24 | 192.168.1.255 | 31 | 0 |
| 192.168.1.1 | 192.168.1.255 | 24 | 0 |
- Overview of IPv4/IPv6 functions
- Overview of IPv4 text match functions