Queries on "ip_range" type (missing documentation)

whatgeorgemade · September 2, 2020, 9:00am

An ip_range field can be treated in the same way as any other range type field. See the docs here. The field value will be a network.

One thing to remember with ip_range fields is that if a document contains the range 0.0.0.0/0, it will match all queries.

You can find documents where the ip_range field contains a certain IP address using the match query. For example:

{
  "query": {
    "iprangefield": {
      "addr": "192.168.1.17"
    }
  }
}

You can also use a range query to see if document contains another network. For example:

{
  "query": {
    "range": {
      "iprangefield": {
        "from": "192.168.1.10",
        "to": "192.168.1.15"
      }
    }
  }
}

Topic		Replies	Views
CIDR query on ip range [2nd try] Elasticsearch	1	530	August 22, 2018
CIDR query on ip_range field not working Elasticsearch	1	753	June 27, 2018
In-between Query for IP data type Elasticsearch	13	1250	August 27, 2020
Scoring range queries by range size Elasticsearch	8	1012	December 31, 2018
Searching IP Address Range Using CIDR Mask Elasticsearch	4	4791	July 6, 2017