savethebyte
(Jacob Jennings)
October 25, 2020, 7:40pm
Is there a way to do a search for an IP range in a Timelion? I need to search a larger amount of time but only with a specific set of IPs.
I need to do something like this:
.es(index="filebeat-*", metric="sum:network.bytes", split="source.ip:10", kibana=true, q=source.ip:10.0.0.0/24).scale_interval(1s).fit(mode=scale).if(operator="lt", if=0, then=0).trim(start=2,end=1).label(regex="^.* source.ip:(.+) > .*$", label="$1").lines(width=1, stack=true, fill=1).yaxis(label="bytes / sec", min=0)
I need to do a query on a range of IPs (10.0.0.0/24 in this example). Is there a way to do this?
tsullivan
(Tim Sullivan)
October 29, 2020, 8:26pm
The query string filter in Elasticsearch supports the range filter for IP data, and q uses the query string query:
.es(index=tests-*,timefield=@date,metric=sum:whatever,q="ip:[0.0.0.0 TO 10.255.255.255]")
Another thing you could do is add the Timelion panel to a dashboard, and use the global filter to do a range query on the IP field, using KQL:
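An added example, not from either poster, that derives the inclusive [start TO end] range used in the answer above from a CIDR block such as the 10.0.0.0/24 in the question; the field name source.ip and index pattern filebeat-* come from the question, while the function names are assumptions of this example.

```python
# Added example (not from the thread): turn a CIDR block into the
# query-string range syntax that Elasticsearch ip fields accept, so a
# Timelion .es() expression can filter on a whole subnet via q=.
import ipaddress


def cidr_to_query_range(field: str, cidr: str) -> str:
    """Return a query_string range clause for `field` covering `cidr`.

    ip fields accept inclusive [start TO end] ranges, so 10.0.0.0/24
    becomes source.ip:[10.0.0.0 TO 10.0.0.255]. Works for IPv6 too.
    """
    net = ipaddress.ip_network(cidr, strict=False)  # tolerate host bits set
    first = net.network_address
    last = net.broadcast_address  # equals first for a /32 or /128
    return f"{field}:[{first} TO {last}]"


def timelion_es(index: str, metric: str, field: str, cidr: str, split: int = 10) -> str:
    """Build the .es() call with the range embedded in its q= argument.

    The q value is double-quoted because it contains ':' and spaces,
    which an unquoted Timelion argument would not carry safely.
    """
    q = cidr_to_query_range(field, cidr)
    return (
        f'.es(index="{index}", metric="{metric}", '
        f'split="{field}:{split}", kibana=true, q="{q}")'
    )


def in_block(ip: str, cidr: str) -> bool:
    """Sanity check: does an address fall inside the block the query covers?"""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    print(timelion_es("filebeat-*", "sum:network.bytes", "source.ip", "10.0.0.0/24"))
```

Append the .scale_interval(), .fit() and other chained functions from the question's expression after the returned .es() call as before.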
savethebyte
(Jacob Jennings)
November 2, 2020, 8:53pm
The dashboard route is what I ended up doing, but it was a temporary "fix" until I figured out the range you provided. Thank you!