Kibana search query to remove ip range

jystol · February 15, 2016, 10:47pm

I would like to exclude an ip range in my kibana visualization via a search similar to "NOT dst_ip:10.0.0.0/8 ". the field is of type ip. Any help would be appreciated.

magnusbaeck · February 16, 2016, 7:16am

Surprisingly I can't find any documentation of this, but I think

NOT dst_ip:[10.0.0.0 TO 10.255.255.255]

works.

jystol · February 16, 2016, 2:33pm

Thanks @magnusbaeck, I also have also tried the following and it seems to work as well.

NOT dst_ip:10.0.0.0/8 OR NOT dst_ip:192.168.0.0/16

Topic		Replies	Views
Anyway to exclude IP ranges in discover? Logstash	4	804	January 3, 2019
Kibana filter ip address or network Kibana	2	12135	May 10, 2019
How to filter on ip type fields in kibana Kibana	3	11103	May 6, 2019
How do you exclude subnets from search results in Kibana? Elastic Search	4	12	November 20, 2024
Search IP fields Kibana	3	228	April 22, 2021

Kibana search query to remove ip range

Related topics