Contribute in GitHub:
Edit online
format_ipv4()
See KQL Support Differences for more information.
Parses input with a netmask and returns string representing IPv4 address.
print format_ipv4('192.168.1.255', 24) == '192.168.1.0'
print format_ipv4(3232236031, 24) == '192.168.1.0'
Syntax
format_ipv4(Expr [, PrefixMask])
Arguments
| Name | Type | Required | Description |
|---|---|---|---|
| Expr | String | ✓ | A string or number representation of the IPv4 address. |
| PrefixMask | string | An integer from 0 to 32 representing the number of most-significant bits that are taken into account. If argument isn't specified, all bit-masks are used (32). |
Returns
If conversion is successful, the result will be a string representing IPv4 address. If conversion isn't successful, the result will be an empty string.
See also
- format_ipv4_mask(): For IPv4 address formatting including CIDR notation.
Example
events_all
| project original_time, data_source_name, name, user_id, low_level_categories,
src_ip, src_port, dst_ip, dst_port, payload
//--- Search for the last 5 minutes of data
| where original_time > ago(5m)
//--- USER Criteria Here
| extend Addr=format_ipv4(src_ip,24), DataSource=data_source_name
| distinct Addr, DataSource
| take 3
Results
| address |
|---|
| 10.10.10.0 |
| 127.0.0.0 |
| 192.168.1.1/24 |