Queries on "ip_range" type (missing documentation)

whatgeorgemade · September 3, 2020, 9:05am

Matching the exact range is a bit more involved as range fields aren't meant for this sort of query.

One strategy would be to change your mapping and add a keyword multi-field that holds the original network address and mask. You can then do an exact match against that using a match query.

For example:

PUT testiprangefield
{
  "settings": {
    "number_of_replicas": 0
  },
  "mappings": {
    "properties": {
      "iprangefield": {
        "type": "ip_range",
        "fields": {
          "raw": {
            "type": "keyword"
          }
        }
      }
    }
  }
}

You can add documents in the usual way:

PUT testiprangefield/_doc/1
{
  "iprangefield": "192.168.1.1/28"
}

Then search against the raw multi-field.

GET testiprangefield/_search
{
  "query": {
    "match": {
      "iprangefield.raw": "192.168.1.1/28"
    }
  }
}

Topic		Replies	Views
Finding ip address ranges that contain a given ip address Elasticsearch	3	1307	July 6, 2017
Ip range with subnet Elasticsearch	4	2834	July 6, 2017
CIDR query on ip range [2nd try] Elasticsearch	1	614	August 22, 2018
Search IP Elasticsearch	3	371	June 14, 2018
How can we search for ranges IP addresses in fields with a query Elasticsearch	1	417	July 6, 2017

Queries on "ip_range" type (missing documentation)

Related topics