Can't get IP as index pattern

DigiAngel · September 10, 2016, 4:09pm

This is using straight ntopng to elasticsearch:
No Compatible Fields: The "ntopng-*" index pattern does not contain any of the following field types: ip

yet the field IPV4_SRC_ADDR is clearly an IP address. Why are my options only URL, String, and Truncated String? Thank you.

warkolm · September 11, 2016, 8:03am

Showing your mappings would be useful

DigiAngel · September 11, 2016, 12:19pm

You mean this?

Or....somewhere different

warkolm · September 11, 2016, 9:28pm

Well that shows it as a string, not an IP.
What does ntopng-*/_mapping show?

DigiAngel · September 11, 2016, 11:02pm

Ok...here's what I got:

           "IPV4_SRC_ADDR":{  
              "type":"string",
              "norms":{  
                 "enabled":false
              },
              "fields":{  
                 "raw":{  
                    "type":"string",
                    "index":"not_analyzed",
                    "ignore_above":256
                 }
              }
           },

warkolm · September 12, 2016, 1:38am

Ok so it's not mapped, which you will need to fix and then reindex older data for.

DigiAngel · September 12, 2016, 1:53am

Awesome.......so how do I fix it

warkolm · September 12, 2016, 1:56am

Update your ntopng-* template to map the field to the IP field type, assuming you have one.

DigiAngel · September 12, 2016, 12:22pm

Ok thanks Mark...looks like I have more reading to do as it doesn't appear you can update a map field within Kibana

Topic		Replies	Views
"does not contain any of the following compatible field types: ip" Kibana	9	847	May 11, 2020
Kibana 4 Visualization returning IP addresses in decimal format Kibana	5	1862	July 6, 2017
String to IP Convert Elasticsearch	6	325	January 23, 2023
Question About search in Kibana Kibana	2	280	November 26, 2020
Two indexes how to filter with different name fields Kibana	4	342	March 24, 2021

Can't get IP as index pattern

Related topics