IP datatype
editIP datatype
editAn ip
field can index/store either IPv4 or
IPv6 addresses.
PUT my_index { "mappings": { "my_type": { "properties": { "ip_addr": { "type": "ip" } } } } } PUT my_index/my_type/1 { "ip_addr": "192.168.1.1" } GET my_index/_search { "query": { "term": { "ip_addr": "192.168.0.0/16" } } }
Parameters for ip
fields
editThe following parameters are accepted by ip
fields:
Mapping field-level query time boosting. Accepts a floating point number, defaults
to |
|
Should the field be stored on disk in a column-stride fashion, so that it
can later be used for sorting, aggregations, or scripting? Accepts |
|
Whether or not the field value should be included in the
|
|
Should the field be searchable? Accepts |
|
Accepts an IPv4 value which is substituted for any explicit |
|
Whether the field value should be stored and retrievable separately from
the |
Querying ip
fields
editThe most common way to query ip addresses is to use the
CIDR
notation: [ip_address]/[prefix_length]
. For instance:
GET my_index/_search { "query": { "term": { "ip_addr": "192.168.0.0/16" } } }
or
GET my_index/_search { "query": { "term": { "ip_addr": "2001:db8::/48" } } }
Also beware that colons are special characters to the
query_string
query, so ipv6 addresses will
need to be escaped. The easiest way to do so is to put quotes around the
searched value:
GET t/_search { "query": { "query_string" : { "query": "ip_addr:\"2001:db8::/48\"" } } }