Elasticsearch ip range query

vnpt_Pham · January 29, 2019, 7:44am

Dear,

I set mapping below

PUT iptest
{
   "mappings": {
      "addy": {
          "properties":{
             "ips": { "type": "ip"}
          }
      }
   }
}

And insert data:

PUT iptest/addy/1?refresh
{"ips": [ "10.230.208.88", "0.0.0.0"]}

PUT iptest/addy/2?refresh
{"ips": ["10.0.2.15","192.168.56.106"]}

Then query (1):

GET iptest/_search
{
	"query": {
		"bool": {
			"filter": [{
				"bool": {
					"must": [{
						"range": {
							"ips": {
								"gte": "10.52.51.14"
							}
						}
					},
					{
						"range": {
							"ips": {
								"lte": "10.52.51.34"
							}
						}
					}]
				}
			}]
		}
	},
	"from": 0,
	"size": 100,
	"_source": ["ips"]
}

But results is:

"hits" : [
      {
        "_index" : "iptest",
        "_type" : "addy",
        "_id" : "2",
        "_score" : 0.0,
        "_source" : {
          "ips" : [
            "10.0.2.15",
            "192.168.56.106"
          ]
        }
      },
      {
        "_index" : "iptest",
        "_type" : "addy",
        "_id" : "1",
        "_score" : 0.0,
        "_source" : {
          "ips" : [
            "10.230.208.88",
            "0.0.0.0"
          ]
        }
      }
    ]

I see "10.0.2.15" <= "10.52.51.34" AND "192.168.56.106" >= "10.52.51.14" ==> matching.
I want a element of ips is matching for this condition: "10.0.2.15" <= ip <= "10.52.51.34".

Thanks so much.

abdon · January 29, 2019, 2:27pm

Your current query searches for a document where any IP matches the first clause and any IP matches the second clause. Both clauses or not necessarily applied to the same IP. What you want to do instead is rewrite your query to something like this:

GET iptest/_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "ips": {
              "gte": "10.52.51.14",
              "lte": "10.52.51.34"
            }
          }
        }
      ]
    }
  },
  "from": 0,
  "size": 100,
  "_source": [
    "ips"
  ]
}

That way, the range is applied to one specific IP.

vnpt_Pham · February 1, 2019, 2:49am

Thanks abdon.
I tried successfully.

Is there another way to use mapping?

system · March 1, 2019, 3:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can we search for ranges IP addresses in fields with a query Elasticsearch	1	383	July 6, 2017
Just Pushed: IP (ipv4) address type Elasticsearch	10	448	July 6, 2017
The ipv6 question Elasticsearch	3	421	April 30, 2018
Match partial IP Elasticsearch	2	1603	July 5, 2017
Queries on "ip_range" type (missing documentation) Elasticsearch	8	2003	October 14, 2020

Elasticsearch ip range query

Related topics