Hi, Is that possible to do sorting for the Ip type? or should we convert to integer format and do sorting on the integer converted value.
While doing sorting for IPv6 on ascending order seeing an issue in the sorted results?
Is there any known issue in Elastic 6.2 version?
Seems like for IPv6 sorting based CIDR notation is not working.
{
"size": 0,
"query": {
"bool": {
"must": [
{
"query_string": {
"analyze_wildcard": true,
"query": "flowType:IPV6"
}
}
]
}
},
"aggs": {
"byFlow": {
"terms": {
"script": "['trailer', doc.dstIp.value].join(',')",
"order": {
"_term": "asc"
},
"size": 25
}
}
}
}
Results:
"key" : "trailer,2001:0:15:15:15::",
"key" : "trailer,2001:0:15:15:15::1",
"key" : "trailer,2001:0:15:15:15::2",
"key" : "trailer,2001:0:15:15:15::3",
"key" : "trailer,2001:15:15:15::",
"key" : "trailer,2001:15:15:15::1",
"key" : "trailer,2001:15:15:15::2",
"key" : "trailer,2001:15:15:15::3",
"key" : "trailer,2001::15:15:15:0", >>>> This IP is lowest, but this not coming in the first????
"key" : "trailer,2001::15:15:15:1",
"key" : "trailer,2001::15:15:15:2",
"key" : "trailer,2001::15:15:15:3",
"key" : "trailer,2001::15:15:15:4",
"key" : "trailer,3001:0:12:12:12::",
"key" : "trailer,3001:0:12:12:12::1",
"key" : "trailer,3001:0:12:12:12::2",
"key" : "trailer,3001:0:12:12:12::3",
"key" : "trailer,3001:12:12:12::",
"key" : "trailer,3001:12:12:12::1",
"key" : "trailer,3001:12:12:12::2",
"key" : "trailer,3001:12:12:12::3",
Noticed simple sort is working for IPv6 but order doesn't seems to be working.
PUT my_index3
{
"mappings": {
"properties": {
"srcIpv6": { "type": "ip"}
}
}
}
Not Working: (Output is not properly sorted)
GET my_index3/_search
{
"aggs": {
"byFlow": {
"terms": {
"script": "[doc.srcIpv6.value].join(',')",
"order": {
"_key": "asc"
},
"size": 25
}
}
}
}
Working:
GET /my_index3/_search
{
"sort" : [{ "srcIpv6" : {"order" : "asc"}}],
"size": "40"
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.