Hello,
I was wondering if there was a way to exclude a whole range of IP's from the discover search area. I can easily exclude a single IP, but I have not been able to find a reliable way to exclude a whole range, is this possible?
Any assistance would be greatly appreciated.
Yes, its possible. You need to make sure the data type in your index mapping is set to ip and not string.
Would this be the data type for the cflow.ipv4_dst_addr since it is essentially the field I am trying to set a range for? It looks like it is set to type string by default and the format options are shown below in the screenshot, it doesnt look like there is an IP field to select from, maybe I am not looking a this the right way.
No. That is the format that will be displayed by Kibana. The data type for your field is string. You need to change it to ip. You'll either need to A, create a new index and update the mapping and then reindex the data from the old index to the new index, or B, update/create an index template that has the new mapping and start writing to a new index.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.