I have the following mapping:
"mappings": {
"_doc": {
"properties": {
"src_ip": {
"type": "ip_range",
"index": true
},
"dst_ip": {
"type": "ip_range",
"index": true
},
"src_port": {
"type": "integer_range",
"index": true
},
"dst_port": {
"type": "integer_range",
"index": true
},
"protocol": {
"type" : "keyword"
}
}
}
}
The indexed document is as follows:
{
"src_ip": "10.2.0.0/8",
"dst_ip": "10.3.0.128/29",
"src_port": {
"gte" : 1000,
"lte" : 1010
},
"dst_port": {
"gte" : 1100,
"lte" : 1110
},
"protocol": "tcp"
}
I am trying to execute a CIDR-style query against this document, but I am running into an illegal argument exception. What is the right query to use for a CIDR-style lookup on an ip_range field? This is the query I tried:
{
"query": {
"term": {
"src_ip": {
"value": "10.2.0.0/16"
}
}
}
}
The result is:
{
"error": {
"root_cause": [
{
"type": "query_shard_exception",
"reason": "failed to create query: { "term" : { "src_ip" : { "value" : "10.2.0.0/16", "boost" : 1.0 } } }",
"index_uuid": "MqRCsD-yR6ODg-8c7-ihzA",
"index": "ipindex"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "ipindex",
"node": "Dj1Fqc65T6Kuk3pB8hQS3A",
"reason": {
"type": "query_shard_exception",
"reason": "failed to create query: { "term" : { "src_ip" : { "value" : "10.2.0.0/16", "boost" : 1.0 } } }",
"index_uuid": "MqRCsD-yR6ODg-8c7-ihzA",
"index": "ipindex",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "'10.2.0.0/16' is not an IP string literal."
}
}
}
]
},
"status": 400
}