Discuss the Elastic Stack

How to do lookup based on Ip ranges

Elastic Stack Logstash

tahseen_fatima (Tahseen) June 9, 2021, 8:16am 1

Hi Team,

I have requirement where I have to do lookup on ranges like,
If Ip
10.10.x.xx to 10.10x.xxx matches then add fileds Firewall
10.12.xx.xx to 10.12.x.xxx matches then add fileds Application.

Below is my logstash lookupcode without ranges.

elasticsearch {
hosts => ["http://localhost:9200"]
index => ["iplist"]
query_template => "C:/Users/xyz/Desktop/elk/ip.json"      
fields => { "Application_name" => "Application_name" }
}

{ 
 "size": 1,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "IP": "%{[Source_Network_Address]}"
          }
        }
      ]
    }
  }
}

Kindly help,

Regards,
Tahseen

tahseen_fatima (Tahseen) June 11, 2021, 5:38am 2

Hi,

I have got a solution by my self using the cidr filter plugin in logstash.

Cidr Filter Plugin

Regards,
Tahseen

1 Like

system (system) Closed July 9, 2021, 5:38am 3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Lookup for IP range Logstash	2	201	July 8, 2021
Logstash match IP range Logstash	2	992	September 11, 2017
Query range IP Elasticsearch	1	396	December 28, 2018
Logstash CIDR network range Logstash	2	238	November 5, 2020
CIDR, location lookup in the most efficient way Logstash	3	1353	June 13, 2018

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.