With 5.x ipv6 is supported in the IP type field now. However, it seems Kibana did not keep up.
If I remove my string fields and rely only on the ip type field in my ES mapping, and try to aggregate on it using Kibana, I can only aggregate on the ipv4 range type, and any other aggregations remove any ip fields from available terms.
Is it the same in 6.x too? Why is this not mentioned in any of the documentation?
If it is in the documentation, it must be extremely buried because I can find no mention of "We support IPv6 in ES but not in Kibana visualizations"
edit: I played with this a bit more, and seems I can aggregate using "terms" but not "significant terms"
Having something like this could greatly reduce the number of fields in a mapping needed, and prevents loss of functionality that exploding the mapping creates.
I just changed my index template to set IP addresses to type:ip but now I get parser failed because not a valid ipv4 address for all ipv6. Is there a way to use this for all ipv4 and another type for ipv6?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
Ty!