I'm trying to create a table that shows the top 5 source IPs, but only public IPs.
I notice there is an advanced section with "Exclude values" I turned on regex and put in the following regex.
/(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)/
However, the results don't change aftewards. Am I doing sometihng wrong?
Try with additional .*
(^127\..*)|(^10\..*) ...
Hi @turboz
no need to add the ^, something like that should work:
(127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.).*
I tried removing the ^, but that didn't work. After some further research I didn't realize how limited Lucene is for regex...
So here is another working solution. Rios has a good one as well, see comment below on that. Either solution will provide the same result.
127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|172\.16-31\.[0-9]{1,3}\.[0-9]{1,3}|192\.168\.[0-9]{1,3}\.[0-9]{1,3}
@Rios I did try a simlar regex to that, but you have to remove the ^ for it to work. Thanks for your contribution!
127\..* | ... | ...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.