Elasticsearch ip range query

vnpt_Pham · January 29, 2019, 7:44am

Dear,

I set mapping below

PUT iptest
{
   "mappings": {
      "addy": {
          "properties":{
             "ips": { "type": "ip"}
          }
      }
   }
}

And insert data:

PUT iptest/addy/1?refresh
{"ips": [ "10.230.208.88", "0.0.0.0"]}

PUT iptest/addy/2?refresh
{"ips": ["10.0.2.15","192.168.56.106"]}

Then query (1):

GET iptest/_search
{
	"query": {
		"bool": {
			"filter": [{
				"bool": {
					"must": [{
						"range": {
							"ips": {
								"gte": "10.52.51.14"
							}
						}
					},
					{
						"range": {
							"ips": {
								"lte": "10.52.51.34"
							}
						}
					}]
				}
			}]
		}
	},
	"from": 0,
	"size": 100,
	"_source": ["ips"]
}

But results is:

"hits" : [
      {
        "_index" : "iptest",
        "_type" : "addy",
        "_id" : "2",
        "_score" : 0.0,
        "_source" : {
          "ips" : [
            "10.0.2.15",
            "192.168.56.106"
          ]
        }
      },
      {
        "_index" : "iptest",
        "_type" : "addy",
        "_id" : "1",
        "_score" : 0.0,
        "_source" : {
          "ips" : [
            "10.230.208.88",
            "0.0.0.0"
          ]
        }
      }
    ]

I see "10.0.2.15" <= "10.52.51.34" AND "192.168.56.106" >= "10.52.51.14" ==> matching.
I want a element of ips is matching for this condition: "10.0.2.15" <= ip <= "10.52.51.34".

Thanks so much.

abdon · January 29, 2019, 2:27pm

Your current query searches for a document where any IP matches the first clause and any IP matches the second clause. Both clauses or not necessarily applied to the same IP. What you want to do instead is rewrite your query to something like this:

GET iptest/_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "ips": {
              "gte": "10.52.51.14",
              "lte": "10.52.51.34"
            }
          }
        }
      ]
    }
  },
  "from": 0,
  "size": 100,
  "_source": [
    "ips"
  ]
}

That way, the range is applied to one specific IP.

vnpt_Pham · February 1, 2019, 2:49am

Thanks abdon.
I tried successfully.

Is there another way to use mapping?

system · March 1, 2019, 3:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can we search for ranges IP addresses in fields with a query Elasticsearch	1	412	July 6, 2017
Finding ip address ranges that contain a given ip address Elasticsearch	3	1305	July 6, 2017
How to search for IP ranges containing a given IP? Elasticsearch	1	530	July 5, 2017
Store an IP range in ES Elasticsearch	6	1236	July 5, 2017
Ip range with subnet Elasticsearch	4	2824	July 6, 2017

Elasticsearch ip range query

Related topics