How to search for IP ranges containing a given IP?


#1

Hello

I have the exact same problem as described in this old googlegroups thread: I have several ranges of IP addresses and would like to retrieve the ones which contain a given IP.

The thread ends with

If you have multiple ip_ranges, then you will need to change the mapping from type "object" to type "nested" and use a nested filter instead.

I tried to achieve this with various combinations of nested and mappings, but to be honest I am completely lost.

What would be the best approach to index, for instance, these three networks (this is taken from my code):

[
    {
        'size': 65536,
        'range': {
            'from': '10.0.0.0',
            'to': '10.0.255.255',
        }
    },
    {
        'size': 4096,
        'range': {
            'from': '10.0.0.0',
            'to': '10.0.15.255',
        }
    },
    {
        'size': 256,
        'range': {
            'from': '10.0.0.0',
            'to': '10.0.0.255',
        }
    },
]

and then query IPs 10.0.0.1 (should match all three networks) and 10.0.100.1 (should match only one)?

I would appreciate very much any pointers which would help me to understand why the mapping must be nested (these are standalone networks, and my limited understanding is that nesting is to search for entries which are, well, nested (for instance a case where a single document is a host, which has several vulnerabilities - and the search is on the vulnerabilities and not on the host root properties)) - and how to proceed with the search.

Thank you!
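Added example, not part of the original post and not Elasticsearch code: a small Python model of the matching semantics the question is about. It shows that one range per document needs only a two-sided comparison, while an array of ranges inside a single document produces false positives once its `from` and `to` values are flattened into independent multi-valued fields, which is the case the quoted "nested" advice addresses. The `MULTI` document and all function names are constructed for illustration.

```python
from ipaddress import ip_address

# The three networks from the post, modelled as one document per network.
NETWORKS = [
    {"size": 65536, "range": {"from": "10.0.0.0", "to": "10.0.255.255"}},
    {"size": 4096, "range": {"from": "10.0.0.0", "to": "10.0.15.255"}},
    {"size": 256, "range": {"from": "10.0.0.0", "to": "10.0.0.255"}},
]

# Constructed sample: ONE document carrying an array of two disjoint ranges.
MULTI = [
    {"from": "10.0.0.0", "to": "10.0.0.255"},
    {"from": "192.168.0.0", "to": "192.168.0.255"},
]


def contains(rng, ip):
    """True when from <= ip <= to holds for this single range."""
    return ip_address(rng["from"]) <= ip_address(ip) <= ip_address(rng["to"])


def match_standalone(docs, ip):
    """One range per document: return the sizes of the networks holding ip."""
    return [d["size"] for d in docs if contains(d["range"], ip)]


def match_flattened(ranges, ip):
    """Model of an array under an "object" mapping: all "from" values and all
    "to" values become two independent multi-valued fields, so each bound
    may be satisfied by a different range."""
    addr = ip_address(ip)
    lower_ok = any(ip_address(r["from"]) <= addr for r in ranges)
    upper_ok = any(addr <= ip_address(r["to"]) for r in ranges)
    return lower_ok and upper_ok


def match_nested(ranges, ip):
    """Model of a "nested" mapping: both bounds are checked per object."""
    return any(contains(r, ip) for r in ranges)


if __name__ == "__main__":
    for ip in ("10.0.0.1", "10.0.100.1"):
        print(ip, "->", match_standalone(NETWORKS, ip))
    # 172.16.0.1 is in neither range of MULTI, yet the flattened model matches.
    print(match_flattened(MULTI, "172.16.0.1"), match_nested(MULTI, "172.16.0.1"))
```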

