Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filters by ip address do not work if the elasticsearch field mapping is "ip" #460

Closed
pkubat opened this issue Sep 3, 2013 · 3 comments
Closed

filters by ip address do not work if the elasticsearch field mapping is "ip" #460

pkubat opened this issue Sep 3, 2013 · 3 comments

Comments

@pkubat
Copy link

pkubat commented Sep 3, 2013

ES mapping:

Does not work:

clinet_ip {
  type: "ip"
}

As a string works:

client_ip: {
  type: "string",
  index: "not_analyzed",
  omit_norms: true,
  index_options: "docs"
}

From the "spy" of the table

curl -XGET 'http://log01:9200/logstash-2013.09.03/_search?pretty' -d '{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "*"
              }
            }
          ]
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "match_all": {}
            },
            {
              "fquery": {
                "query": {
                  "field": {
                    "@type": {
                      "query": "\"apache_access_log\""
                    }
                  }
                },
                "_cache": true
              }
            },
            {
              "fquery": {
                "query": {
                  "field": {
                    "@fields.client_ip": {
                      "query": "192.168.1.2"
                    }
                  }
                },
                "_cache": true
              }
            },
            {
              "range": {
                "@timestamp": {
                  "from": 1378229604292,
                  "to": 1378233204292
                }
              }
            },
            {
              "bool": {
                "must": [
                  {
                    "match_all": {}
                  }
                ]
              }
            }
          ]
        }
      }
    }
  },
  "highlight": {
    "fields": {},
    "fragment_size": 2147483647,
    "pre_tags": [
      "@start-highlight@"
    ],
    "post_tags": [
      "@end-highlight@"
    ]
  },
  "size": 100,
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}'
@spalger
Copy link
Contributor

spalger commented Sep 10, 2013

The ip type isn't stored by default, set "store" to true and it looks like it works. More info

@spalger spalger closed this as completed Sep 10, 2013
@rashidkpc
Copy link
Contributor

I'm going to reopen this for further testing

@rashidkpc rashidkpc reopened this Sep 10, 2013
@rashidkpc
Copy link
Contributor

I can't replicate this. Searching for specific IPs as well as ranges seems to function as normal. I noted a typo in your mapping however. clinet_ip should be client_ip. Can you correct this, retest and report if this functionality appears broken?

clinet_ip {
  type: "ip"
}

@snyk-bot snyk-bot mentioned this issue Jan 8, 2020
Open
This was referenced Mar 12, 2020
Open
Open
This was referenced Apr 27, 2021
Open
Open
Open
@snyk-bot snyk-bot mentioned this issue Sep 12, 2021
Open
@82ndAirborneDiv 82ndAirborneDiv mentioned this issue Nov 5, 2022
Open
@snyk-bot snyk-bot mentioned this issue Nov 5, 2022
Open
@xhad xhad mentioned this issue Nov 5, 2022
Open
@enterstudio enterstudio mentioned this issue Dec 25, 2022
Open
@xhad xhad mentioned this issue Dec 25, 2022
Open
@82ndAirborneDiv 82ndAirborneDiv mentioned this issue Dec 26, 2022
Open
@enterstudio enterstudio mentioned this issue Oct 1, 2023
Open
@xhad xhad mentioned this issue Oct 1, 2023
Open
@82ndAirborneDiv 82ndAirborneDiv mentioned this issue Oct 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rashidkpc @spalger @pkubat