Queries on "ip_range" type (missing documentation)

spinscale · September 16, 2020, 9:52am

If you only have a single IP in your data, then you do not need an iprange as long as your ranges can be expressed using CIDR. You can use the ip datatype

DELETE my-index

PUT my-index
{
  "mappings": {
    "properties": {
      "ip_addr": {
        "type": "ip"
      }
    }
  }
}

PUT my-index/_bulk?refresh
{"index":{}}
{"ip_addr":"192.168.1.1"}
{"index":{}}
{"ip_addr":"1.1.1.1"}
{"index":{}}
{"ip_addr":"10.5.6.7"}


GET my-index/_search
{
  "query": {
    "terms": {
      "ip_addr": [
        "192.168.0.0/16",
        "127.16.0.0/16",
        "10.0.0.0/8"
      ]
    }
  }
}

Topic		Replies	Views
Finding ip address ranges that contain a given ip address Elasticsearch	3	1317	July 6, 2017
Ip range with subnet Elasticsearch	4	2842	July 6, 2017
CIDR query on ip range [2nd try] Elasticsearch	1	628	August 22, 2018
Search IP Elasticsearch	3	379	June 14, 2018
How can we search for ranges IP addresses in fields with a query Elasticsearch	1	424	July 6, 2017

Queries on "ip_range" type (missing documentation)

Related topics