I am using the Kibana console to run a SQL query with an ip field as criteria. Here is the query:
POST /_sql?format=json
{
  "query": """SELECT "@timestamp", "destination.ip" FROM "dummyindex" WHERE "destination.ip" IN ('127.01.01.01', '128.01.01.01') and "@timestamp" > '2020-09-16' """
}
This is the error:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "verification_exception",
        "reason" : "Found 1 problem\nline 1:63: 1st argument of [\"destination.ip\" IN ('127.01.01.01', '128.01.01.01')] must be [ip], found value ['127.01.01.01'] type [keyword]"
      }
    ],
    "type" : "verification_exception",
    "reason" : "Found 1 problem\nline 1:63: 1st argument of [\"destination.ip\" IN ('127.01.01.01', '128.01.01.01')] must be [ip], found value ['127.01.01.01'] type [keyword]"
  },
  "status" : 400
}
Is there a special syntax to query ip fields using SQL?