Hi people,
I been slowly trying to change my mappings from text to "ip". However, some logs include the port. Before i go on and modify the grok filters, I wonder if this data type can handle IP:PORT fields.
Thanks for your time.
No, ip type only supports IP values. If you need the port you need to parse it and store in a different field before indexing.
got it. their documentation for the ip mapping didnt mention anything but wanted to be sure. Thanks for your reply Thiago