How to create a filter that contains multiple CIDR ranges?

Hi there,

I'm using Kibana 6.7 and trying to create some filters that are a set of IP ranges, e.g. all AWS IP ranges for a given region. This of course is a huge list of IP ranges like below:

...
52.64.0.0-52.64.127.255
54.153.128.0-54.153.255.255
3.24.0.0-3.27.255.255
52.62.0.0-52.63.255.255
54.253.0.0-54.253.255.255
52.94.248.64-52.94.248.79
...

The UI 'Add a filter' option only allows me to add a single IP range. Is it possible to do it with multiple ranges?

I'd like to be able to programmatically create and update the filter with curl.

You can click "Edit as Query DSL" in the filter editor, and then you can type / paste raw JSON in there.

There may be an easier way, but what I'd do is convert your ranges there to something like this:

{
  "bool": {
    "should": [
      {
        "range": {
          "clientip": {
            "gte": "52.64.0.0",
            "lte": "52.64.127.255"
          }
        }
      },
      {
        "range": {
          "clientip": {
            "gte": "54.153.128.0",
            "lte": "54.153.255.255"
          }
        }
      }
    ]
  }
}

Best of luck!
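
The conversion suggested in the reply above can be scripted. The following is an added example, not part of the original thread: it turns `start-end` lines into the same `bool`/`should` structure, and goes slightly further by also accepting CIDR notation and merging overlapping or adjacent ranges so the filter carries fewer clauses. The function names are hypothetical, and the field name `clientip` is taken from the reply.

```python
import ipaddress
import json

def parse_range(text):
    """Return (first, last) IPv4Address for 'a-b' or CIDR input."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
    else:
        net = ipaddress.IPv4Network(text, strict=True)  # rejects host bits set
        lo, hi = net[0], net[-1]
    if lo > hi:
        raise ValueError(f"range start is after range end: {text!r}")
    return lo, hi

def merge_ranges(ranges):
    """Sort ranges and merge any that overlap or are directly adjacent."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and int(lo) <= int(merged[-1][1]) + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def build_filter(lines, field="clientip"):
    """Build the bool/should query with one range clause per merged range."""
    ranges = merge_ranges(parse_range(l) for l in lines if l.strip())
    return {"bool": {"should": [
        {"range": {field: {"gte": str(lo), "lte": str(hi)}}} for lo, hi in ranges
    ]}}

# Ranges from the question, plus one constructed CIDR entry to show that form.
SAMPLE = [
    "52.64.0.0-52.64.127.255",
    "54.153.128.0-54.153.255.255",
    "3.24.0.0-3.27.255.255",
    "52.62.0.0-52.63.255.255",
    "54.253.0.0-54.253.255.255",
    "52.94.248.64-52.94.248.79",
    "52.64.128.0/17",  # constructed; adjacent to the first range
]

if __name__ == "__main__":
    print(json.dumps(build_filter(SAMPLE), indent=2))
```

The printed JSON can be pasted into "Edit as Query DSL" as described in the reply. Malformed lines raise `ValueError` rather than being silently dropped, so a bad entry cannot quietly shrink the filter.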
