Search according to field's type IP?

zoulja · November 4, 2020, 10:15am

Elasticsearch supports field type IP IP datatype | Elasticsearch Guide [6.8] | Elastic
which supports search by network mask.

PUT my_index/_doc/1
{
  "ip_addr": "192.168.1.1"
}

GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "192.168.0.0/16"
    }
  }
}

Is it possible in Graylog to use this kind of query?

shoothub · November 4, 2020, 2:22pm

Have you tried to create own mapping?

zoulja · November 4, 2020, 2:46pm

Yes, I tried and my mapping is ok - field type is ip(which internally is still a string).
But my question is about frontend part, not about backend.
Probably this kind of query is not supported at all (as it seems from my tests).
Or it requires some sophisticated escaping.
Or something else - I don’t know, that’s why I’m asking here

system · November 18, 2020, 2:46pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Netflow and IP fields Graylog Central (peer support)	4	523	June 22, 2020
Supported Elasticsearch Field Types Graylog Central (peer support)	6	1757	February 20, 2020
Subnet Search Query Graylog Central (peer support)	20	13815	December 11, 2017
Graylog: Subnet Query Graylog Central (peer support)	7	2432	November 20, 2017
Help understanding use of to_ip() and underlying IP data format in index Graylog Central (peer support) pipeline-rules	2	1001	February 26, 2019

Search according to field's type IP?

Related topics