IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
IP Range Aggregation
editIP Range Aggregation
editJust like the dedicated date range aggregation, there is also a dedicated range aggregation for IP typed fields:
Example:
{
"aggs" : {
"ip_ranges" : {
"ip_range" : {
"field" : "ip",
"ranges" : [
{ "to" : "10.0.0.5" },
{ "from" : "10.0.0.5" }
]
}
}
}
}
Response:
{
...
"aggregations": {
"ip_ranges": {
"buckets" : [
{
"to": "10.0.0.5",
"doc_count": 4
},
{
"from": "10.0.0.5",
"doc_count": 6
}
]
}
}
}
IP ranges can also be defined as CIDR masks:
{
"aggs" : {
"ip_ranges" : {
"ip_range" : {
"field" : "ip",
"ranges" : [
{ "mask" : "10.0.0.0/25" },
{ "mask" : "10.0.0.127/25" }
]
}
}
}
}
Response:
{
"aggregations": {
"ip_ranges": {
"buckets": [
{
"key": "10.0.0.0/25",
"from": "10.0.0.0",
"to": "10.0.0.127",
"doc_count": 127
},
{
"key": "10.0.0.127/25",
"from": "10.0.0.0",
"to": "10.0.0.127",
"doc_count": 127
}
]
}
}
}