Search according to field's type IP?

zoulja · November 4, 2020, 10:15am

Elasticsearch supports field type IP IP datatype | Elasticsearch Guide [6.8] | Elastic
which supports search by network mask.

PUT my_index/_doc/1
{
  "ip_addr": "192.168.1.1"
}

GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "192.168.0.0/16"
    }
  }
}

Is it possible in Graylog to use this kind of query?

shoothub · November 4, 2020, 2:22pm

Have you tried to create own mapping?

zoulja · November 4, 2020, 2:46pm

Yes, I tried and my mapping is ok - field type is ip(which internally is still a string).
But my question is about frontend part, not about backend.
Probably this kind of query is not supported at all (as it seems from my tests).
Or it requires some sophisticated escaping.
Or something else - I don’t know, that’s why I’m asking here

system · November 18, 2020, 2:46pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Netflow and IP fields Graylog Central (peer support)	4	462	June 22, 2020
Supported Elasticsearch Field Types Graylog Central (peer support)	6	1652	February 20, 2020
Subnet Search Query Graylog Central (peer support)	20	13005	December 11, 2017
Graylog: Subnet Query Graylog Central (peer support)	7	2292	November 20, 2017
Search for ip ranges (again..) Graylog Central (peer support) documentation	4	1923	December 3, 2021

Search according to field's type IP?

Related Topics