CIDR query on ip_range field not working


(Vramakrishnan) #1

I have the following mapping:

  "mappings": {
    "_doc": {
      "properties": {
        "src_ip": {
          "type": "ip_range",
          "index": true
        },
        "dst_ip": {
          "type": "ip_range",
          "index": true
        },
        "src_port": {
          "type": "integer_range",
          "index": true
        },
        "dst_port": {
          "type": "integer_range",
          "index": true
        },
        "protocol": {
          "type": "keyword"
        }
      }
    }
  }

And the doc indexed is as follows:

{
  "src_ip": "10.2.0.0/8",
  "dst_ip": "10.3.0.128/29",
  "src_port": {
    "gte": 1000,
    "lte": 1010
  },
  "dst_port": {
    "gte": 1100,
    "lte": 1110
  },
  "protocol": "tcp"
}

I am trying to execute a CIDR-style query on this doc, but I am running into an illegal arg exception. May I know the right query to use for a CIDR-style query with ip_range?

{
  "query": {
    "term": {
      "src_ip": {
        "value": "10.2.0.0/16"
      }
    }
  }
}

Result is ...

{
  "error": {
    "root_cause": [
      {
        "type": "query_shard_exception",
        "reason": "failed to create query: { "term" : { "src_ip" : { "value" : "10.2.0.0/16", "boost" : 1.0 } } }",
        "index_uuid": "MqRCsD-yR6ODg-8c7-ihzA",
        "index": "ipindex"
      }
    ],
    "type": "search_phase_execution_exception",
    "reason": "all shards failed",
    "phase": "query",
    "grouped": true,
    "failed_shards": [
      {
        "shard": 0,
        "index": "ipindex",
        "node": "Dj1Fqc65T6Kuk3pB8hQS3A",
        "reason": {
          "type": "query_shard_exception",
          "reason": "failed to create query: { "term" : { "src_ip" : { "value" : "10.2.0.0/16", "boost" : 1.0 } } }",
          "index_uuid": "MqRCsD-yR6ODg-8c7-ihzA",
          "index": "ipindex",
          "caused_by": {
            "type": "illegal_argument_exception",
            "reason": "'10.2.0.0/16' is not an IP string literal."
          }
        }
      }
    ]
  },
  "status": 400
}
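
An added example, not part of the original post and not Elasticsearch's own code: the error above shows the `term` query parsing its value as a single IP literal, so one approach is to expand the CIDR into explicit bounds and send a `range` query with a `relation` against the `ip_range` field. The helper names and the local `matches` model of the three relations are assumptions made for illustration, as is the premise that the indexed CIDR is stored with its host bits masked.

```python
import ipaddress

RELATIONS = ("intersects", "contains", "within")


def cidr_bounds(cidr):
    """Return (first, last) address of a CIDR block.

    strict=False accepts values with host bits set, such as the post's
    "10.2.0.0/8" (assumption: the index stores it as 10.0.0.0-10.255.255.255).
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return net[0], net[-1]


def cidr_range_query(field, cidr, relation="intersects"):
    """Build a range-query body for an ip_range field from a CIDR string."""
    if relation not in RELATIONS:
        raise ValueError(f"relation must be one of {RELATIONS}")
    lo, hi = cidr_bounds(cidr)
    return {"query": {"range": {field: {
        "gte": str(lo), "lte": str(hi), "relation": relation}}}}


def matches(doc_cidr, query_cidr, relation):
    """Local model of the relation semantics, to predict which docs match."""
    d_lo, d_hi = cidr_bounds(doc_cidr)
    q_lo, q_hi = cidr_bounds(query_cidr)
    if relation == "contains":      # indexed range fully covers the query range
        return d_lo <= q_lo and q_hi <= d_hi
    if relation == "within":        # indexed range lies inside the query range
        return q_lo <= d_lo and d_hi <= q_hi
    if relation == "intersects":    # any overlap at all
        return d_lo <= q_hi and q_lo <= d_hi
    raise ValueError(f"relation must be one of {RELATIONS}")


if __name__ == "__main__":
    import json
    # Values taken from the post: indexed src_ip and the CIDR being searched.
    print(json.dumps(cidr_range_query("src_ip", "10.2.0.0/16", "contains"), indent=2))
    for rel in RELATIONS:
        print(rel, matches("10.2.0.0/8", "10.2.0.0/16", rel))
```

For rule-matching use cases such as the document in the post, `contains` answers "which indexed ranges cover all of this CIDR", while the default `intersects` also returns ranges that only partly overlap it.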

(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.