How to set field type to "ip"?

naisanza · June 30, 2015, 7:23pm

I've used the date filter to set a target field as a date type. I don't see a filter to set a target field type to "ip".

I'm looking to do this so I can use the IPv4 Range Aggregation, but
haven't been able to find the documentation on how I can map a field to
type: ip, without needing a custom template.

And also, I've been trying to find out how you will deal with a log that contains multiple ip fields.

Logstash isn't able to deal with multiple geoip fields without a
custom template. I'm hoping this isn't the same case with ip fields.

An example event would be:

63.88.73.59,104.197.28.247,104.197.28.0,-,,-,Google Inc.,Mountain View,CA,US,Google Inc.,Mountain View,CA,US

magnusbaeck · June 30, 2015, 8:38pm

I think you need a custom index template for this. But really, you'll want to have that sooner or later anyway.

naisanza · June 30, 2015, 9:07pm

You're right. It's not part of the default dynamic mapping, and will need to be done manually.