This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 71%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Hi all...!
KQL query explore...
Assuming the following IP Supnets ranges i want to exclude in the event results (Sentinel SIEM)
My goal is to exclude records in which the source IP value from the Exclude ip range.
What is the best way to achieve that.?
I tried the ipv4_is_in_any_range() function , but no luck.
Thanks in advance...
Jagadeesh G
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Just checking to see if you were able to get the information you need? If the solution provided helped you, please "Accept the answer" so that others in the community can more easily find the resolution. Otherwise let us know if you have further questions.
I have added the following query you can modify this one for your case
datatable
| where not(ipv4_is_in_any_range(SourceIP, dynamic(["118.13.0.0/16"])))
This query will filter out any records where the source IP address is in the 118.13.0.0/16 range.
Thanks a lot for your Support. It is working as expected.