Kibana 4 Visualization returning IP addresses in decimal format


#1

Setting up a visualization in kibana4 and found it is returning IP addresses in decimal format. Is there a way to get this to display in dotted-decimal (or normal IPv4) format?

If relevant I am using a Data Table visualization.


(Lee Drengenberg) #2

Hi Datadude,

If you go to Settings and click on your index pattern, then look (or search) in the list of fields. What data type is your IP address field? I think it should be String, and not have the Analyzed check mark. If that's not the case, you might need to look at the mapping and how the data is being loaded. Is it logstash? Or a beat?

Thanks,
Lee


#3

String will likely work but what is the point of the IP type?


(Lee Drengenberg) #4

Hi Datadude,

It looks like when you use ip type you can do some greater than/less than tests against it that you probably can't do correctly when it's a string. So ip type is probably better.

https://www.elastic.co/guide/en/elasticsearch/reference/current/ip.html

So when I try the example from the page above, I see I have ip_addr as type ip (indexed but not analyzed).

And in a Data Table visualization the ip address is shown in the dotted notation;

Maybe you're doing a different type of visualization? Can you attach a screenshot?

Thanks,
Lee


#5

It is now working, I use ordered index templates and there was some conflict with that field between the order 0 template and the order 3 template.

I guess kibana was using the order 0 template and not the 3 in the visualization.

If you looked in kibana settings for the more specific index match the field was type ip, not analyzed but if you looked at the same field under the more generic index it was ip, analyzed

I hit the refresh button at the top of the settings page and it fixed that field there to correspond with the order 3 template then went and checked the visualization and it was showing the IP address in dot form...


(system) #6