Reputation: 158
Storing CIDR in IP type field in ElasticSearch
Is it possible to store CIDR notations in the IP Address data type in elastic search? When I try to POST them into my index it fails. (singlerange property has ip type)
{
"singlerange": "222.165.0.0/17",
"name": "Single range"
}
Result
{
"error": {
"root_cause": [
{
"type": "mapper_parsing_exception",
"reason": "failed to parse [singlerange]"
}
],
"type": "mapper_parsing_exception",
"reason": "failed to parse [singlerange]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "'222.165.0.0/17' is not an IP string literal."
}
},
"status": 400
}
So, ES is telling me 'no' but before I gave up on ES as a tool for this I wanted to see if anyone had a workaround or alternative way of storing and querying ranges.
I know the docs have the use case where you store IPs and query by ranges. Our use case is opposite, we want to store ranges and query the index for any range that contains a specific IP.
Upvotes: 2
Views: 1978
Answers (1)
Reputation: 158
Of course, the act of posting to StackOverflow allows me to solve the problem.
What I did is create the range manually on insert like this
{
"mappings": {
"newrange": {
"properties": {
"bottomrange": {
"type": "ip"
},
"toprange": {
"type": "ip"
},
"name": {
"type": "text"
}
}
}
}
}
This lets me insert things like this (in this example I am representing 222.165.0.0/17:
{
"bottomrange": "222.165.0.1",
"toprange": "222.165.127.254",
"name": "Single range"
}
And thus I can query with filters like this (in this case trying to find a range that matches 222.165.128.99)
{
"query": {
"bool": {
"filter": [
{ "range": { "bottomrange": { "lte": "222.165.128.99" }}} ,
{ "range": { "toprange": { "gte": "222.165.128.99" }}}
]
}
}
}
Voila! Probably not the most efficient ES query ever but its got to be more efficient then a developer loading thousands of CIDR range specifiers into memory in node and iterating through each for a match.. We'll see.
Upvotes: 3
Related Questions
- How to query IP range in Elastic search?
- Convert IP (string) into long in elasticsearch/kibana scripted fields
- Query to get the set of records from a filed of ip addresses based on the give CIDR range using in Elastic search
- Wild card query on a field with Type Ip in elastic search
- How to Map IP type
- how to define an array of IPs in Elasticsearch?
- Elasticsearch Filter Query by CIDR
- Data type IP in ElasticSearch
- Use existing field as id in elasticsearch
- What is the format of ip address in kibana that i want to see ip distribution in map?