How do you search for many IP addresses and output only the source IP and destination IP in Dev Tools [Kibana]

kanrab · June 21, 2021, 1:21pm

So the query to search for a single IP is:

GET _search
{
  "query": {
    "term": {
      "ip_addr": "43.225.52.0/23"
      
    }
  }
}

But this is only able to search for one IP address
My original query was:

GET _search 

{ 
   "query": { 
      "terms": { 
  	   "DestinationIP": [ 
    	      "100.42.74.212", 
    	      "101.50.1.23", 
    	      "101.99.90.41", 
    	      "103.114.160.253" 
  	      ] 
} 
   } 
}

But this outputted everything when I was only interested in the associated source address and associated destination IP address. If any returned at all

How do I query for many IP addresses and output only the source IP and destination IP?

Mikhail_Shustov · June 22, 2021, 11:29am

Does the fields option cover your case? Retrieve selected fields from a search | Elasticsearch Guide [8.11] | Elastic

system · July 20, 2021, 11:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.