How to create a filter that contains multiple CIDR ranges?

IraB · June 26, 2019, 2:33am

Hi there,

I'm using Kibana 6.7 and trying to create some filters that are a set of IP ranges e.g. all AWS IP ranges for a given regions. This of course is a huge list of ip ranges like below:

...
52.64.0.0-52.64.127.255
54.153.128.0-54.153.255.255
3.24.0.0-3.27.255.255
52.62.0.0-52.63.255.255
54.253.0.0-54.253.255.255
52.94.248.64-52.94.248.79
...

The UI 'Add a filter' option only allows me to add a single IP range, is it possible do it with multiple ranges?

I'd like to be able to programmatically create and update the filter with curl

christophilus · July 2, 2019, 6:48pm

You can click "Edit as Query DSL" in the filter editor, and then you can type / paste raw JSON in there.

There may be an easier way, but what I'd do is convert your ranges there to something like this:

{
  "bool": {
    "should": [
      {
        "range": {
          "clientip": {
            "gte": "52.64.0.0",
            "lte": "52.64.127.255"
          }
        }
      },
      {
        "range": {
          "clientip": {
            "gte": "54.153.128.0",
            "lte": "54.153.255.255"
          }
        }
      }
    ]
  }
}

Best of luck!

system · July 30, 2019, 6:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.