Forum Discussion
Log Analytics query the logs that are not in IP range
Hi All, I'm struggling with writing a query that will find sign-ins in logs that are not in IP ranges. So we have Log Analytics Workplace which is collecting sign-in logs. And we want to trigger...
It is indeed feasible to query sign-in logs against external IP ranges in Azure Log Analytics. To achieve this, the externaldata operator must be used correctly to import the list of ranges, and the ipv4_is_match() function should be applied in a manner that evaluates each log entry against the imported dataset. Microsoft’s official documentation confirms that ipv4_is_match() supports CIDR notation and can be effectively combined with externaldata to perform this type of validation.
https://learn.microsoft.com/en-us/kusto/query/ipv4-is-match-function?view=microsoft-fabric
https://learn.microsoft.com/en-us/kusto/query/externaldata-operator?view=microsoft-fabric