GET logstash-ramesh-2020.09.16/_search
{
"query": {
"bool": {
"must_not": [
{
"regexp": {
"src_ip.raw": {
"value": "^(?:10|127|172\\.(?:1[6-9]|2[0-9]|3[01])|192\\.168)\\..*"
}
}
}
]
}
},
"_source": [
"src_ip"
]
}
How to fetch only Public or Private IP?
Thanks in Advance !
Thanks for your quick response.
But I need to filter only public IP
eg.,
GET logstash-ramesh-2020.09.16/_search
{
"query": {
"bool": {
"must_not": [
{
"regexp": {
"src_ip.raw": {
"value": "^(?:10|127|172\\.(?:1[6-9]|2[0-9]|3[01])|192\\.168)\\..*"
}
}
}
]
}
},
"_source": [
"src_ip"
]
}You can also try to use the ip data type, if your queries can be expressed using CIDR
DELETE my-index
PUT my-index
{
"mappings": {
"properties": {
"ip_addr": {
"type": "ip"
}
}
}
}
PUT my-index/_bulk?refresh
{"index":{}}
{"ip_addr":"192.168.1.1"}
{"index":{}}
{"ip_addr":"1.1.1.1"}
{"index":{}}
{"ip_addr":"10.5.6.7"}
GET my-index/_search
{
"query": {
"terms": {
"ip_addr": [
"192.168.0.0/16",
"127.16.0.0/16",
"10.0.0.0/8"
]
}
}
}
Thanks for your response.
But I don't have access to delete and recreate index. Can you suggest any alternate solution?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.