How to set field type to "ip"?

naisanza · June 30, 2015, 7:23pm

I've used the date filter to set a target field as a date type. I don't see a filter to set a target field type to "ip".

I'm looking to do this so I can use the IPv4 Range Aggregation, but
haven't been able to find the documentation on how I can map a field to
type: ip, without needing a custom template.

And also, I've been trying to find out how you will deal with a log that contains multiple ip fields.

Logstash isn't able to deal with multiple geoip fields without a
custom template. I'm hoping this isn't the same case with ip fields.

An example event would be:

63.88.73.59,104.197.28.247,104.197.28.0,-,,-,Google Inc.,Mountain View,CA,US,Google Inc.,Mountain View,CA,US

magnusbaeck · June 30, 2015, 8:38pm

I think you need a custom index template for this. But really, you'll want to have that sooner or later anyway.

naisanza · June 30, 2015, 9:07pm

You're right. It's not part of the default dynamic mapping, and will need to be done manually.

Topic		Replies	Views
Help - Custom GeoIP Target / Updating Template/Index Kibana	10	622	December 22, 2020
Can't get a field type IP Logstash	12	7037	July 6, 2017
Using custom target for geoip filter, how to update Elasticsearch template? Logstash	7	753	April 21, 2018
How set IP address type on selected fields Logstash	2	1526	November 21, 2020
Logstash dns filter and indexing IP input as "ip" type in Elasticsearch Elasticsearch	1	686	September 5, 2018

How to set field type to "ip"?

Related topics