I'm having trouble getting Elasticsearch to accept my array of IPv4 as IPv4 instead of strings.
I have a string with many IPs separated by spaces. I can easily turn that field into an array of IPs by using the split function in either the ruby or mutate filters.
The problem is that even though I already have the field "ip_addresses" mapped to be of type "ip", Elasticsearch does not parse the field and gives error message:
"Mixing up field types: class org.elasticsearch.index.mapper.core.LongFieldMapper$LongFieldType != class org.elasticsearch.index.mapper.ip.IpFieldMapper$IpFieldType on field ip_addresses"
If I try to map it as type long, it fails with the same error because of String/Long mismatch. If I don't map them at all, dynamic mapping sets the type of the field to String.
Here's the rubydebug picture of the field I'm trying to push up to ES:
Here's the exact error message:
Here's my previously defined mapping for that field:
The only somewhat relevant source of information I found is here: http://stackoverflow.com/questions/29770043/how-can-i-store-and-search-multiple-ipv4-and-ipv6-subnets-in-elasticsearch
And according to documentation on arrays:
In Elasticsearch, there is no dedicated array type. Any field can contain zero or more values by default, however, all values in the array must be of the same datatype.
GIven that any field can be made into an array, how can I properly have an array of type ip?
