How to check if host.ip in particular CIDR

Adriann · March 2, 2022, 4:39pm

Hello,

I want to add an ingest pipeline script that will add particular fields if host.ip falls into the CIDR notation range.

I was trying some stuff but still, that does not work
The script does not return errors but fields are not added.

CIDR block = new CIDR("10.10.0.0/21"); # or def block = new CIDR("10.10.0.0/21")
for (int i = 0; i < ctx.host?.ip?.length; ++i) {
    if (block.contains(ctx["host.ip"])) {
        ctx["host.bo"] = "Value1";
        ctx["host.bo_name"] = "Value2";
    }
}

If you can spot the error and guide me It would be very helpful.

Stack is on 7.16-2

Adriann · March 4, 2022, 2:27pm

This started to work. I was not able to manage to add a field via ctx._source... I used a set before that processor instead.

CIDR block = new CIDR("10.10.0.0/20");
for (int i = 0; i < ctx?.host?.ip.length; ++i) {
    if (block.contains(ctx.host.ip[i])) {
        ctx?.host.bo_name = "Value";
    }
}

Now I just wonder what would be the performance impact of using runtime field instead of ingest pipeline script processor.

Topic		Replies	Views
Searching IP Address Range Using CIDR Mask Elasticsearch	4	4879	July 6, 2017
Query a field that can be host or IP Elasticsearch	1	338	July 2, 2019
データ登録時にIPアドレスの範囲をチェックする方法日本語による質問・議論はこちら	4	771	September 29, 2021
Cidr plugin just generate warnings Logstash	6	1218	September 10, 2018
Indexing CIDR block e.g.: 192.168.1.0/24 Elasticsearch	6	933	May 12, 2018

How to check if host.ip in particular CIDR

Related topics