Scripted fields in kibana for IP public and Private

tatdat · June 16, 2017, 3:06am

Hi,

Im using Kibana 5.4.0
I have field netflow.ipv4_dst_addr. I want check this is private ỏ public ip.

Here is my script filed

def m = ^(?:10|127|172.(?:1[6-9]|2[0-9]|3[01])|192.168)..*$/.matcher(doc['netflow.ipv4_dst_addr'].value);
if ( m.matches() ) {
return "private"
} else {
return "public"
}

but kibana show compile error

Can u suggest me script field for this case ? And where is i can debug script field before put script to kibana?

Thanks

tatdat · June 19, 2017, 1:49am

Can Anyone help me. thanks!

Christian_Dahlqvist · June 19, 2017, 5:08am

Since this seems to be a static pattern, why not add a field at ingest time? This is likely to perform and scale better than a scripted field.

tatdat · June 20, 2017, 3:46pm

Thank for reply.

I used grok filter for this. it solved

Topic		Replies	Views
Using scripted fields in Kibana? Kibana	3	602	December 12, 2017
How to query private IP range in kibana? Kibana kql-kibana-query-language	2	10750	September 23, 2021
DSL Query to filter an IP type field to display documents that have a public IP address Kibana kql-kibana-query-language	2	919	December 19, 2022
Access to filter values in script kibana Kibana	9	850	July 6, 2021
Search IP fields Kibana	3	315	April 22, 2021

Scripted fields in kibana for IP public and Private

Related topics