Use the format_ipv4_mask function to format an IPv4 address and a bitmask into Classless Inter-Domain Routing (CIDR) notation. This function is useful when you need to standardize or analyze network addresses, especially in datasets that contain raw IPs or numerical IP representations. It supports both string-based and numeric IPv4 inputs and can apply an optional prefix to generate a subnet mask.

You can use format_ipv4_mask to normalize IP addresses, extract network segments, or apply filtering or grouping logic based on subnet granularity.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

format_ipv4_mask(ip, prefix)

Parameters

NameTypeRequiredDescription
ipstring✔️The IPv4 address in CIDR notation. You can use a string (e.g., '192.168.1.1') or a big-endian number.
prefixint✔️An integer between 0 and 32. Specifies how many leading bits to include in the mask.

Returns

A string representing the IPv4 address in CIDR notation if the conversion succeeds. If the conversion fails, the function returns an empty string.

Example

Query

['sample-http-logs']
| extend subnet = format_ipv4_mask('192.168.1.54', 24)
| project _time, subnet

Run in Playground

Output

_timesubnet
1Jun 30, 11:11:46192.168.1.0/24
  • format_ipv4: Converts a 32-bit unsigned integer to an IPv4 address string. Use it when your input is a raw numeric IP instead of a prefix length.
  • parse_ipv4: Parses an IPv4 string into a numeric representation. Use it when you want to do arithmetic or masking on IP addresses.
  • ipv4_is_in_range: Checks whether an IPv4 address falls within a given range. Use it when you need to filter or classify IPs against subnets.