Unable to search all fields for IP address

JSkier · November 15, 2019, 10:18pm

I'm trying to search for an IP (example query on search page: 127.0.0.1), and the results indicate 0. If I put *.ip:127.0.0.1 it works fine (I get results with desintation and source IPs).

My concern and question is, shouldn't kibana be searching all fields if I don't specify one? I'm running the latest cluster 7.4.2, filebeat w/ suricata module for ingesting these logs.

Update: I checked other indices and they appear to work very well, catching all instances of the lone IP address. Not sure why filebeat index is not.

lukas · November 15, 2019, 10:37pm

Hi @JSkier,

In the query bar, do you have KQL or Lucene selected as your query language?

JSkier · November 16, 2019, 12:12am

Hi,

I've tried both, single and double qoutes as well. No results found.

system · December 14, 2019, 12:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search for IP address does not return results Kibana docker	7	2965	May 25, 2020
[Kibana 7.10] How to search from all Index Patten Kibana	4	269	October 7, 2021
Question About search in Kibana Kibana	2	280	November 26, 2020
Cannot query ip address fields using elastic SQL Kibana	8	1000	November 2, 2020
Search IP fields Kibana	3	228	April 22, 2021

Unable to search all fields for IP address

Related topics