## CIDR_MATCH

CIDR_MATCH is a function in ES|QL that checks if a provided IP address is contained in one or more provided CIDR blocks. It returns a boolean value - true if the IP is contained in the CIDR block(s), and false if it is not.

### Syntax

`CIDR_MATCH(ip, blockX)`

### Parameters

- `ip`: IP address of type ip (both IPv4 and IPv6 are supported).
- `blockX`: CIDR block to test the IP against.

### Examples

Here are a couple of examples of how you can use the CIDR_MATCH function in ES|QL queries:

```esql
FROM hosts
| WHERE CIDR_MATCH(ip1, "127.0.0.2/32", "127.0.0.3/32")
| KEEP card, host, ip0, ip1
```

In this example, the query checks if the `ip1` field of the `hosts` index is contained in either the "127.0.0.2/32" or "127.0.0.3/32" CIDR blocks. If it is, the `card`, `host`, `ip0`, and `ip1` fields are kept in the results.

```esql
FROM network_logs
| WHERE CIDR_MATCH(source_ip, "192.168.1.0/24")
| KEEP timestamp, source_ip, destination_ip
```

In this second example, the query checks if the `source_ip` field of the `network_logs` index is contained in the "192.168.1.0/24" CIDR block. If it is, the `timestamp`, `source_ip`, and `destination_ip` fields are kept in the results.