Hi people,
I been slowly trying to change my mappings from text to "ip". However, some logs include the port. Before i go on and modify the grok filters, I wonder if this data type can handle IP:PORT fields.
Thanks for your time.
No, ip type only supports IP values. If you need the port you need to parse it and store in a different field before indexing.
got it. their documentation for the ip mapping didnt mention anything but wanted to be sure. Thanks for your reply Thiago
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.