Hi there!
I have documents with an IP type field showing 1 or more IP addresses and I need to apply a filter to the documents to show only the documents where there's a public IP address (
non-RFC1918). For example, let's take the below dataset...
doc #1
ip : 10.10.10.1
doc #2
ip : 10.10.10.100, 10.10.10.150
doc #3
ip: 10.10.10.160, 21.22.23.22
doc #4
ip: 77.33.66.11
My ideal filter/query would need to able to display only doc #3 (private + public address) and doc #4 (public address)
I have tried using the below DSL filter to exclude RFC1918 addresses but that only return doc #4 and I'm missing doc # 3 because it has a private/RFC1918 address (10.10.10.160) and public address (21.22.23.22)
{
"query": {
"bool": {
"filter": {
"exists": {
"field": "ip"
}
},
"must_not": [
{
"terms": {
"ip": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
}
}
]
}
}
}
Any ideas or guidance on how can I solve my problem?
Thanks
Azulgrana