Use CIDR masks from Discover tab?

I know there is the ability in Kibana to search by an IP range
ex: ip:["128.0.0.0" TO "191.255.255.255"]

and there is also the ability to use CIDR masks when creating a new
aggregation (Visualization tab).

My question is can you somehow use CIDR masks from the Discovery view?

ex: ip:"128.0.0/2"

Every variation I have tried has resulted in an invalid syntax error or an error with the request.

If this does not exist yet, is it something that is planned for a future release?

Thanks.

Just happened to see this ticket: https://github.com/elastic/elasticsearch/issues/7464

Yeah, until Elasticsearch natively supports it in Lucene query syntax, Kibana Discover search won't support it either. The query from the search bar is passed straight through to Elasticsearch.

Thanks for the reply! I'll wait and see if this gets added to Elasticsearch.

This would be extremely useful for our firewall team and might help us displace some more Splunk!

Turns out you can do this using this query: {"term" : {"ip" : "192.168.0.0/24"}} (NOTE: applies to ES 2.2 only, sorry!).

Thanks to @lukas for digging it up :smiley:
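
Added example, not part of the thread: because the search bar only accepts the range form shown in the question, a CIDR block can be expanded into that form before it is pasted into Discover. The function names are hypothetical, the field name `ip` is taken from the question, and IPv4 input is assumed.

```python
import ipaddress


def _parse(cidr):
    # strict=False accepts input with host bits set
    # (192.168.0.17/24 is treated as 192.168.0.0/24).
    # Shorthand such as "128.0.0/2" is rejected with ValueError.
    return ipaddress.IPv4Network(cidr, strict=False)


def cidr_to_lucene_range(cidr, field="ip"):
    """Return a Lucene clause matching every address in one CIDR block."""
    net = cidr if isinstance(cidr, ipaddress.IPv4Network) else _parse(cidr)
    first, last = net.network_address, net.broadcast_address
    if first == last:
        # A /32 is a single host, so an exact match is enough.
        return f'{field}:"{first}"'
    # Square brackets make both ends of the range inclusive.
    return f'{field}:["{first}" TO "{last}"]'


def cidrs_to_lucene_query(cidrs, field="ip"):
    """OR together several blocks, merging adjacent or overlapping ones."""
    nets = ipaddress.collapse_addresses(_parse(c) for c in cidrs)
    return " OR ".join(cidr_to_lucene_range(n, field) for n in nets)


if __name__ == "__main__":
    # Constructed sample input.
    for sample in ("128.0.0.0/2", "192.168.0.17/24", "10.1.2.3/32"):
        print(cidr_to_lucene_range(sample))
    print(cidrs_to_lucene_query(["10.0.0.0/25", "10.0.0.128/25", "192.168.0.0/24"]))
```
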