Query for IP External IP Addresses Only

Wilks · March 8, 2022, 1:29am

Hi,
I am trying to use a KQL query to search for non private (rfc1918) addresses. I am using the following query

AND NOT destination.ip:10.0.0.0/8 OR NOT destination.ip:192.168.0.0/16 OR NOT destination.ip :172.16.0.0/12

The issue is it works but some of the destination.ip results have no data. How do I write the query so that it just displays data where destination.ip : exists

Thanks

matw · March 8, 2022, 7:55am

Hi
Would using the filterbar for this purpose be an option?

Best,
Matthias

Topic		Replies	Views
DSL Query to filter an IP type field to display documents that have a public IP address Kibana kql-kibana-query-language	1	926	November 21, 2022
Kibana search query to remove ip range Kibana	2	24325	February 16, 2016
How to query private IP range in kibana? Kibana kql-kibana-query-language	1	10758	August 26, 2021
How do you search for many IP addresses and output only the source IP and destination IP in Dev Tools [Kibana] Kibana	1	1876	June 22, 2021
IP type: exclude 0.0.0.255/32 Elasticsearch	0	385	March 19, 2018

Query for IP External IP Addresses Only

Related topics