EQL cidrmatch issue

hello guys, I created an eql rule for ssh access I wanna match multiple IP ranges but I get this error that the destination.ip field is text and not IP can you please suggest me another way to do that. here's my query {
sequence with maxspan=15m [any where cidrmatch(destination.ip, "10.1.6.0/24", "10.1.2.0/24", "10.1.20.0/24", "10.1.3.0/24", "172.44.8.0/24", "192.168.24.0/24", "10.10.11.0/24", "1.10.12.0/24") and destination.port==22 and event.action=="Allow" ] [any where source.ip not in ("1.1.41.43" , "1.1.1.84" , "1.1.1.55", "172.44.10.1"," 10.1.15.6")] }
and here's the error I get :
must be [ip], found value [destination.ip] type [text]

The only workaround I see is to have a filtering with OR and regex to express this cidrmatch, and be aware that this would most probably be significantly slower than a cidrmatch on IP fields.

The best solution is to reindex your data using the correct mapping (data types for your fields).

yeah I used runtime field and it works now thank you.

Nice, haven't thought of that workaround.