No IPV6 Range Aggregation bucket?

Phrozyn · August 17, 2018, 7:12pm

With 5.x ipv6 is supported in the IP type field now. However, it seems Kibana did not keep up.

If I remove my string fields and rely only on the ip type field in my ES mapping, and try to aggregate on it using Kibana, I can only aggregate on the ipv4 range type, and any other aggregations remove any ip fields from available terms.

Is it the same in 6.x too? Why is this not mentioned in any of the documentation?
If it is in the documentation, it must be extremely buried because I can find no mention of "We support IPv6 in ES but not in Kibana visualizations"

edit: I played with this a bit more, and seems I can aggregate using "terms" but not "significant terms"

lukas · August 30, 2018, 3:36pm

Yes, it appears you're right. Would you mind opening a feature request? Thanks!

Phrozyn · August 30, 2018, 3:43pm

Feature Request made Ty!

Having something like this could greatly reduce the number of fields in a mapping needed, and prevents loss of functionality that exploding the mapping creates.

jonsmiteeww · September 21, 2018, 3:14am

I searched the forum but haven't found an answer.

I just changed my index template to set IP addresses to type:ip but now I get parser failed because not a valid ipv4 address for all ipv6. Is there a way to use this for all ipv4 and another type for ipv6?

system · September 30, 2018, 6:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.