Netflow and IP fields

tywjohn · June 5, 2020, 11:14pm

I’m using the Netwflow UDP input and I just noticed that any field that could simply be an ‘ip’ elasticsearch type is actually just a string type.
My understanding was that elasticsearch should automatically map the correct field type but it seems to prefer string over ip. Is there anyway to force this or do I need to create another field using a pipeline?

jan · June 8, 2020, 6:35am

what graylog and elasticsearch version are we talking about?

maniel · June 8, 2020, 9:36am

AFAIK the only way to tell elasrticsearch the field is of given type is using custom index mapping

tywjohn · June 8, 2020, 10:36pm

Graylog 3.3
Elasticsearch 6.8.9

I’ll look into custom mapping like maniel suggested.

system · June 22, 2020, 10:36pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search according to field's type IP? Graylog Central (peer support)	3	603	November 18, 2020
Supported Elasticsearch Field Types Graylog Central (peer support)	6	1757	February 20, 2020
Help understanding use of to_ip() and underlying IP data format in index Graylog Central (peer support) pipeline-rules	2	1001	February 26, 2019
Problem with to_ip set_field() Graylog Central (peer support) pipeline-rules	7	1320	December 30, 2019
Extractor key=value field type hints Graylog Central (peer support) pipeline-rules	4	1611	June 5, 2020

Netflow and IP fields

Related topics