An ip_range field can be treated in the same way as any other range type field. See the docs here. The field value will be a network.
One thing to remember with ip_range fields is that if a document contains the range 0.0.0.0/0, it will match all queries.
You can find documents where the ip_range field contains a certain IP address using the match query. For example:
{
"query": {
"iprangefield": {
"addr": "192.168.1.17"
}
}
}
You can also use a range query to see if document contains another network. For example:
{
"query": {
"range": {
"iprangefield": {
"from": "192.168.1.10",
"to": "192.168.1.15"
}
}
}
}