Storing/searching IPs

Attila_Nagy · June 16, 2015, 1:53pm

Hi,

I would like to store IP addresses and subnets (one or more per document)
and I would like to search for them with exact or inclusion (does an IP is
in any of the subnets stored in the documents).

For example a document could have the following:
"ip": ["192.168.0.1","192.168.1.0/24","1000::/64"]

And searching for 192.168.0.1, 192.168.1.5 or 1000::1 should match it.

Are there any chances to have this sometime soon? And if not, what would be
the best hack (if any) to support this?

Thanks,

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3bfede54-5fde-4b65-9947-bfc43e3bdef8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

jprante · June 16, 2015, 3:26pm

It is possible to write a plugin with IP/subnet as a new field type.

Jörg

On Thu, Apr 16, 2015 at 9:34 PM, Attila Nagy nagy.attila@gmail.com wrote:

Hi,

I would like to store IP addresses and subnets (one or more per document)
and I would like to search for them with exact or inclusion (does an IP is
in any of the subnets stored in the documents).

For example a document could have the following:
"ip": ["192.168.0.1","192.168.1.0/24","1000::/64"]

And searching for 192.168.0.1, 192.168.1.5 or 1000::1 should match it.

Are there any chances to have this sometime soon? And if not, what would
be the best hack (if any) to support this?

Thanks,

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3bfede54-5fde-4b65-9947-bfc43e3bdef8%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/3bfede54-5fde-4b65-9947-bfc43e3bdef8%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoH7CSTfX%2B37N6x8RCGOynjxD_Ktqp0zrG6Oa0oZtjA%3DBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Charlie_Hull · June 16, 2015, 3:26pm

On 16/04/2015 20:34, Attila Nagy wrote:

Hi,

I would like to store IP addresses and subnets (one or more per
document) and I would like to search for them with exact or inclusion
(does an IP is in any of the subnets stored in the documents).

For example a document could have the following:
"ip": ["192.168.0.1","192.168.1.0/24","1000::/64"]

And searching for 192.168.0.1, 192.168.1.5 or 1000::1 should match it.

Are there any chances to have this sometime soon? And if not, what would
be the best hack (if any) to support this?

Hi,

We did something similar a while ago:

Hope you find this useful.

Cheers

Charlie

Thanks,

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearch+unsubscribe@googlegroups.com
mailto:elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3bfede54-5fde-4b65-9947-bfc43e3bdef8%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/3bfede54-5fde-4b65-9947-bfc43e3bdef8%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

--
Charlie Hull
Flax - Open Source Enterprise Search

tel/fax: +44 (0)8700 118334
mobile: +44 (0)7767 825828
web: www.flax.co.uk

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/5530C084.7040901%40flax.co.uk.
For more options, visit https://groups.google.com/d/optout.

Attila_Nagy · June 16, 2015, 3:26pm

Hi,

Those are the hacks I thought about, although I don't cleary see yet how
that would be useful for subnet searches and v4/v6.

Basically my problem boils down to:

having arbitrary (well, 32 bit for v4 and 128 bit for v6) sized integers
searching for range inclusions

The first can be solved with some maths, but how can I do the second?

I mean is it possible to store a document like this (or any equivalent with
nesting etc):
subnets: [[100,2000],[300:300],[5000,6000]]
so:
subnets: [[min1,max1],[min2,max2]...]

and have this document returned when I specify any number which is:

100>=<2000
300
5000>=<6000

?

április 17., péntek 10:13:08 UTC+2 időpontban Charlie Hull a
következőt írta:

On 16/04/2015 20:34, Attila Nagy wrote:

Hi,

I would like to store IP addresses and subnets (one or more per
document) and I would like to search for them with exact or inclusion
(does an IP is in any of the subnets stored in the documents).

For example a document could have the following:
"ip": ["192.168.0.1","192.168.1.0/24","1000::/64"]

And searching for 192.168.0.1, 192.168.1.5 or 1000::1 should match it.

Are there any chances to have this sometime soon? And if not, what would
be the best hack (if any) to support this?

Hi,

We did something similar a while ago:

http://www.flax.co.uk/blog/2014/06/03/flexible-search-of-structured-numeric-data-with-elasticsearch/

Hope you find this useful.

Cheers

Charlie

Thanks,

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com <javascript:>
<mailto:elasticsearch+unsubscribe@googlegroups.com <javascript:>>.
To view this discussion on the web visit

https://groups.google.com/d/msgid/elasticsearch/3bfede54-5fde-4b65-9947-bfc43e3bdef8%40googlegroups.com

<
https://groups.google.com/d/msgid/elasticsearch/3bfede54-5fde-4b65-9947-bfc43e3bdef8%40googlegroups.com?utm_medium=email&utm_source=footer>.

For more options, visit https://groups.google.com/d/optout.

--
Charlie Hull
Flax - Open Source Enterprise Search

tel/fax: +44 (0)8700 118334
mobile: +44 (0)7767 825828
web: www.flax.co.uk

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e0cf6189-036d-4bbd-91c0-5de8d30fd8a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

system · July 6, 2017, 12:19am