In Kusto, I'm struggling with an algorithm issue. I have a big list of IPs (Azure Monitor) and a list of ranges to whitelist. How can I exclude rows of the first list if the IP is in a range of the second list?
Sure, we will use ipv4_is_in_range() and mv-apply for this, yet I don't know how.
Sample items:
let ranges_to_whitelist = dynamic(['127.0.0.1', '10.0.0.0/28']);
let big_table_of_rows = datatable (ip_range: string) ['1.2.3.4', '10.0.0.254', '172.16.1.2', '10.0.0.1'];
Should yield:
datatable (ip_range: string) ['10.0.0.1'];
Thank you!
Just for the record: Kusto has been enriched with a new function, ipv4_is_in_any_range, which provides exactly this feature. Always better than a workaround.
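
Both approaches mentioned in this thread, side by side, as an added example that is not code from the original posts. It follows the question's wording (drop rows whose IP falls in a whitelisted range); the `'not-an-ip'` row and the column names `in_any`, `cidr`, `hits` and `verdict` are constructed for illustration.

```kusto
// Sample data from the question, plus one constructed malformed value.
let ranges_to_whitelist = dynamic(['127.0.0.1', '10.0.0.0/28']);
let big_table_of_rows = datatable (ip_range: string)
    ['1.2.3.4', '10.0.0.254', '172.16.1.2', '10.0.0.1', 'not-an-ip'];
big_table_of_rows
// Newer built-in: tests one address against every range in the array.
// It returns null (not false) when the address cannot be parsed.
| extend in_any = ipv4_is_in_any_range(ip_range, ranges_to_whitelist)
// Workaround from the question: expand the whitelist per row with mv-apply
// and count how many ranges contain the address.
| mv-apply cidr = ranges_to_whitelist to typeof(string) on (
    summarize hits = countif(ipv4_is_in_range(ip_range, cidr))
  )
// Make the null case explicit, so an unparsable address is neither
// silently whitelisted nor silently dropped by a bare "where not(...)".
| extend verdict = case(
    isnull(in_any), 'unparsable',
    in_any,         'whitelisted',
                    'keep')
| where verdict != 'whitelisted'
| project ip_range, verdict, hits
```

A row where `hits > 0` but `verdict` is not `'whitelisted'` would mean the two methods disagree. To keep only the whitelisted addresses instead, change the final filter to `verdict == 'whitelisted'`.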