Add CIDR IP range in Timelion

Is there a way to do a search for an IP range in Timelion? I need to search a larger amount of time but only with a specific set of IPs.

I need to do something like this:

.es(index="filebeat-*", metric="sum:network.bytes", split="source.ip:10", kibana=true, q=source.ip:10.0.0.0/24).scale_interval(1s).fit(mode=scale).if(operator="lt", if=0, then=0).trim(start=2,end=1).label(regex="^.* source.ip:(.+) > .*$", label="$1").lines(width=1, stack=true, fill=1).yaxis(label="bytes / sec", min=0)

I need to do a query on a range of IPs (10.0.0.0/24 in this example). Is there a way to do this?

The query string filter in Elasticsearch supports the range filter for IP data, and q uses query string query:

.es(index=tests-*,timefield=@date,metric=sum:whatever,q="ip:[0.0.0.0 TO 10.255.255.255]")

Another thing you could do is add the Timelion panel to a dashboard, and use the global filter to do a range query on the IP field, using KQL:

The dashboard route is what I ended up doing, but it was a temporary "fix" until I figured out the range you provided. Thank you!
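
The range form from the answer above can be generated from CIDR notation. This is an added example, not part of the original posts: the function names `cidrs_to_range_query` and `timelion_es` are hypothetical, the index, metric and field are taken from the question, and it is limited to IPv4. It also goes slightly beyond the thread by merging several CIDR blocks into OR'ed ranges.

```python
import ipaddress


def cidrs_to_range_query(field, cidrs):
    """Build a query-string clause covering every address in the given IPv4 CIDRs.

    Each block becomes an inclusive range `field:[first TO last]`, the form
    shown in the answer. Overlapping or adjacent blocks are merged first so
    the resulting query stays short.
    """
    nets = []
    for cidr in cidrs:
        # strict=False accepts input with host bits set, e.g. 10.0.0.5/24
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != 4:
            # IPv6 literals contain ':' and would need extra quoting
            raise ValueError(f"IPv4 only in this example: {cidr}")
        nets.append(net)

    merged = ipaddress.collapse_addresses(nets)  # sorted, de-duplicated
    clauses = [
        f"{field}:[{n.network_address} TO {n.broadcast_address}]" for n in merged
    ]
    return " OR ".join(clauses)


def timelion_es(index, metric, field, cidrs):
    """Return a Timelion .es() call whose q= restricts the series to the CIDRs."""
    q = cidrs_to_range_query(field, cidrs)
    return f'.es(index="{index}", metric="{metric}", q="{q}")'


if __name__ == "__main__":
    # Constructed sample input: the /24 from the question plus one extra host.
    print(timelion_es("filebeat-*", "sum:network.bytes", "source.ip",
                      ["10.0.0.0/24", "192.168.1.7/32"]))
```
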
