IP datatype

» » »

IP datatype

An ip field can index/store either IPv4 or IPv6 addresses.

PUT my_index
{
  "mappings": {
    "properties": {
      "ip_addr": {
        "type": "ip"
      }
    }
  }
}

PUT my_index/_doc/1
{
  "ip_addr": "192.168.1.1"
}

GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "192.168.0.0/16"
    }
  }
}

You can also store ip ranges in a single field using an ip_range datatype.

Parameters for `ip` fields

The following parameters are accepted by ip fields:

`boost`	Mapping field-level query time boosting. Accepts a floating point number, defaults to `1.0`.
`doc_values`	Should the field be stored on disk in a column-stride fashion, so that it can later be used for sorting, aggregations, or scripting? Accepts `true` (default) or `false`.
`index`	Should the field be searchable? Accepts `true` (default) and `false`.
`null_value`	Accepts an IPv4 value which is substituted for any explicit `null` values. Defaults to `null`, which means the field is treated as missing.
`store`	Whether the field value should be stored and retrievable separately from the `_source` field. Accepts `true` or `false` (default).

Querying `ip` fields

The most common way to query ip addresses is to use the CIDR notation: [ip_address]/[prefix_length]. For instance:

GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "192.168.0.0/16"
    }
  }
}

GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "2001:db8::/48"
    }
  }
}

Also beware that colons are special characters to the query_string query, so ipv6 addresses will need to be escaped. The easiest way to do so is to put quotes around the searched value:

GET my_index/_search
{
  "query": {
    "query_string" : {
      "query": "ip_addr:\"2001:db8::/48\""
    }
  }
}

« Geo-Shape datatype Keyword datatype »

IP datatype

Parameters for ip fields

Querying ip fields

Getting Started Videos

Be in the know with the latest and greatest from Elastic.

Parameters for `ip` fields

Querying `ip` fields