An ip field can index/store either IPv4 or IPv6 addresses.
PUT my_index
{
  "mappings": {
    "properties": {
      "ip_addr": {
        "type": "ip"
      }
    }
  }
}

PUT my_index/_doc/1
{
  "ip_addr": "192.168.1.1"
}

GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "192.168.0.0/16"
    }
  }
}
You can also store ip ranges in a single field using an ip_range datatype.
The following parameters are accepted by ip fields:
Mapping field-level query time boosting. Accepts a floating point number, defaults
to | |
Should the field be stored on disk in a column-stride fashion, so that it
can later be used for sorting, aggregations, or scripting? Accepts | |
Should the field be searchable? Accepts | |
Accepts an IPv4 value which is substituted for any explicit | |
Whether the field value should be stored and retrievable separately from
the |
The most common way to query ip addresses is to use the CIDR notation: [ip_address]/[prefix_length]. For instance:
GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "192.168.0.0/16"
    }
  }
}
or
GET my_index/_search
{
  "query": {
    "term": {
      "ip_addr": "2001:db8::/48"
    }
  }
}
Also beware that colons are special characters to the query_string query, so IPv6 addresses will need to be escaped. The easiest way to do so is to put quotes around the searched value:
GET my_index/_search
{
  "query": {
    "query_string": {
      "query": "ip_addr:\"2001:db8::/48\""
    }
  }
}
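
When the searched address comes from user or analyst input, it can be validated and put into canonical form before it is placed in either query. The following Python sketch is an added example, not part of the Elasticsearch documentation; the helper names and the field-name pattern are assumptions made for illustration.

```python
import ipaddress
import re

FIELD_RE = re.compile(r"[A-Za-z0-9_.]+")  # assumed policy for field names

def normalize_ip_or_cidr(value):
    """Return the canonical text of an IPv4/IPv6 address or CIDR block."""
    value = value.strip()
    # ipaddress may accept an IPv6 zone ID after '%'; reject it so the
    # canonical form holds only hex digits, '.', ':' and '/'.
    if "%" in value:
        raise ValueError("zone IDs are not accepted")
    if "/" in value:
        # strict=False masks host bits: 192.168.1.1/16 -> 192.168.0.0/16
        return str(ipaddress.ip_network(value, strict=False))
    return str(ipaddress.ip_address(value))

def check_field(field):
    """Allow only field names that need no query_string escaping."""
    if not FIELD_RE.fullmatch(field):
        raise ValueError("unexpected field name")
    return field

def term_query(field, value):
    """Body for GET <index>/_search using a term query."""
    return {"query": {"term": {check_field(field): normalize_ip_or_cidr(value)}}}

def query_string_query(field, value):
    """Body for a query_string search; the quotes keep ':' from being parsed."""
    quoted = '"' + normalize_ip_or_cidr(value) + '"'
    return {"query": {"query_string": {"query": check_field(field) + ":" + quoted}}}

if __name__ == "__main__":
    import json
    # Constructed sample inputs, including one that must be rejected.
    for raw in ["192.168.1.1/16", "2001:DB8:0:0::/48", '2001:db8::1" OR *:*']:
        try:
            print(json.dumps(query_string_query("ip_addr", raw)))
        except ValueError as exc:
            print("rejected:", repr(raw), exc)
```

Serialising the returned dictionary with json.dumps produces the backslash-escaped quotes shown in the query_string request above.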