Skip to main content
Use the ipv6_is_in_range function to check whether an IPv6 address falls within a specified IPv6 CIDR range. This is useful when you need to classify, filter, or segment network traffic by address range—such as identifying requests from internal subnets, geo-localized regional blocks, or known malicious networks. You can use this function when analyzing HTTP logs, trace telemetry, or security events where IPv6 addresses are present, and you want to restrict attention to or exclude certain address ranges.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, IP range checking for IPv6 addresses typically requires custom scripts or manual logic, as there is no built-in function equivalent to ipv6_is_in_range.
Splunk example
APL equivalent
ANSI SQL doesn’t have native functions for CIDR range checks on IPv6 addresses. You typically rely on user-defined functions (UDFs) or external tooling. In APL, ipv6_is_in_range provides this capability out of the box.
SQL example
APL equivalent

Usage

Syntax

Parameters

Returns

A bool value:
  • true if the IPv6 address is within the specified CIDR range.
  • false otherwise.

Example

Use this function to isolate internal service calls originating from a designated IPv6 block. Query
Run in Playground Output
  • ipv4_is_in_range: Checks whether an IPv4 address is within a specified CIDR range. Use this function when working with IPv4 instead of IPv6.
  • ipv6_compare: Compares two IPv6 addresses. Use when you want to sort or test address equality or ordering.
  • ipv6_is_match: Checks whether an IPv6 address matches a pattern. Use for wildcard or partial-match filtering rather than range checking.