The ipv4_is_private function determines if an IPv4 address belongs to a private range, as defined by RFC 1918. You can use this function to filter private addresses in datasets such as server logs, network traffic, and other IP-based data.

This function is especially useful in scenarios where you want to:

  • Exclude private IPs from logs to focus on public traffic.
  • Identify traffic originating from within an internal network.
  • Simplify security analysis by categorizing IP addresses.

The private IPv4 addresses reserved for private networks by the Internet Assigned Numbers Authority (IANA) are the following:

IP address rangeNumber of addressesLargest CIDR block (subnet mask)
10.0.0.0 – 10.255.255.2551677721610.0.0.0/8 (255.0.0.0)
172.16.0.0 – 172.31.255.2551048576172.16.0.0/12 (255.240.0.0)
192.168.0.0 – 192.168.255.25565536192.168.0.0/16 (255.255.0.0)

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

ipv4_is_private(ip: string)

Parameters

ParameterTypeDescription
ipstringThe IPv4 address to evaluate for private range status.

Returns

  • true: The input IP address is private.
  • false: The input IP address is not private.

Use case example

You can use ipv4_is_private to filter logs and focus on public traffic for external analysis.

Query

['sample-http-logs']
| extend is_private = ipv4_is_private('192.168.0.1')

Run in Playground

Output

geo.countryis_private
USAtrue
UKtrue
  • ipv4_compare: Compares two IPv4 addresses lexicographically. Use for sorting or range evaluations.
  • ipv4_is_in_range: Checks if an IP address is within a specified range.
  • parse_ipv4: Converts a dotted-decimal IP address into a numeric representation.