How to create a filter that contains multiple CIDR ranges?

IraB · June 26, 2019, 2:33am

Hi there,

I'm using Kibana 6.7 and trying to create some filters that are a set of IP ranges e.g. all AWS IP ranges for a given regions. This of course is a huge list of ip ranges like below:

...
52.64.0.0-52.64.127.255
54.153.128.0-54.153.255.255
3.24.0.0-3.27.255.255
52.62.0.0-52.63.255.255
54.253.0.0-54.253.255.255
52.94.248.64-52.94.248.79
...

The UI 'Add a filter' option only allows me to add a single IP range, is it possible do it with multiple ranges?

I'd like to be able to programmatically create and update the filter with curl

christophilus · July 2, 2019, 6:48pm

You can click "Edit as Query DSL" in the filter editor, and then you can type / paste raw JSON in there.

There may be an easier way, but what I'd do is convert your ranges there to something like this:

{
  "bool": {
    "should": [
      {
        "range": {
          "clientip": {
            "gte": "52.64.0.0",
            "lte": "52.64.127.255"
          }
        }
      },
      {
        "range": {
          "clientip": {
            "gte": "54.153.128.0",
            "lte": "54.153.255.255"
          }
        }
      }
    ]
  }
}

Best of luck!

Topic		Replies	Views
Kibana filter ip address or network Kibana	2	12840	May 10, 2019
How to filter on ip type fields in kibana Kibana	3	14012	May 6, 2019
How to query private IP range in kibana? Kibana kql-kibana-query-language	2	10743	September 23, 2021
Kibana multiple query is not allowed Kibana	3	478	May 13, 2020
Access to filter values in script kibana Kibana	9	845	July 6, 2021

How to create a filter that contains multiple CIDR ranges?

Related topics