morsecoder

Reputation: 1649

Elasticsearch Filter Query by CIDR

For example, how would you build an Elasticsearch query that filters for documents containing an ip field that matches 192.168.100.14/24?

{
    query: {
        filtered: {
            filter: {
                ???
            }
        }
    }
}

To clarify, the documents I am searching have a property that is indexed as an IP field, and I want to find all documents that have an IP that matches a CIDR mask (to be specified in a filter).

Upvotes: 0

Views: 4635

Answers (2)

Mike Hoven

Reputation: 51

Try this if using ES 2.2 or later:

{"query": {"term" : {"<ip_field_name>" : "192.168.100.14/24"}}}

Upvotes: 1

jhilden

Reputation: 12439

The Elasticsearch type ip does not support that type of input. Here is an example showing that it will fail:

input

PUT index1
{
  "mappings": {
    "type1": {
      "properties": {
        "ip_addr": {
          "type": "ip"
        }
      }
    }
  }
}


POST index1/type1
{
  "ip_addr": "192.168.100.14/24"
}

result

{
   "error": {
      "root_cause": [
         {
            "type": "mapper_parsing_exception",
            "reason": "failed to parse [ip_addr]"
         }
      ],
      "type": "mapper_parsing_exception",
      "reason": "failed to parse [ip_addr]",
      "caused_by": {
         "type": "illegal_argument_exception",
         "reason": "failed to parse ip [192.168.100.14/24], not a valid ip address"
      }
   },
   "status": 400
}

Instead, if you strip off the /24 it will work properly.

Upvotes: 0
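
An added example, not part of either answer above: the two answers fit together if the document stores a plain address and the CIDR appears only in the query. This Python sketch expands a CIDR into an equivalent range filter on the `ip_addr` field from the mapping above and rejects CIDR strings before they are indexed; the helper names and sample addresses are assumptions made for illustration.

```python
import ipaddress
import json


def cidr_to_range_filter(field, cidr):
    """Build a bool/filter range query matching every address inside `cidr`."""
    # strict=False accepts a CIDR with host bits set, e.g. 192.168.100.14/24,
    # and normalises it to the enclosing network (192.168.100.0/24).
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "query": {
            "bool": {
                "filter": {
                    "range": {
                        field: {
                            "gte": str(net.network_address),
                            "lte": str(net.broadcast_address),
                        }
                    }
                }
            }
        }
    }


def validate_indexable_ip(value):
    """Return the value if it is a plain address; raise ValueError on CIDR input."""
    # An ip-typed field holds single addresses, so catch "a.b.c.d/nn" client-side
    # instead of receiving a mapper_parsing_exception from the cluster.
    return str(ipaddress.ip_address(value))


def matches(doc_ip, cidr):
    """Local check mirroring the range filter, usable without a cluster."""
    return ipaddress.ip_address(doc_ip) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    # Constructed sample document values (not from the original page)
    docs = ["192.168.100.14", "192.168.100.255", "192.168.101.1", "10.0.0.5"]
    print(json.dumps(cidr_to_range_filter("ip_addr", "192.168.100.14/24"), indent=2))
    for ip in docs:
        print(ip, matches(ip, "192.168.100.14/24"))
```
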
