Elasticsearch按CIDR筛选查询

时间:2016-06-10 18:08:41

标签: elasticsearch cidr

例如,您如何构建一个Elasticsearch查询,该查询按包含ip匹配192.168.100.14/24字段的文档进行过滤?

{
    query: {
        filtered: {
            filter: {
                ???
            }
        }
    }
}

为了澄清,我正在搜索的文档具有索引为IP字段的属性,并且我想查找具有与CIDR掩码匹配的IP的所有文档(将在过滤器中指定)。

2 个答案:

答案 0 :(得分:1)

如果使用ES 2.2或更高版本,请尝试此操作:

{"query": {"term" : {"<ip_field_name>" : "192.168.100.14/24"}}}

答案 1 :(得分:0)

elasticsearch类型var dictArray: [Dictionary<String, String>] = [] func getAlerts(){ let invitesRef = self.rootRef.child("invites") let query = invitesRef.queryOrderedByChild("invitee").queryEqualToValue(currentUser?.uid) query.observeEventType(.Value, withBlock: { snapshot in for child in snapshot.children { guard let invitee = child.value["invitee"] as? String else{ return } guard let role = child.value["role"] as? String else{ return } self.dictArray.append(child as! Dictionary<String, String>) print(self.dictArray) } }) } 不支持该类型的输入。这是一个示例,表明它将失败:

输入

ip

结果

PUT index1
{
  "mappings": {
    "type1": {
      "properties": {
        "ip_addr": {
          "type": "ip"
        }
      }
    }
  }
}


POST index1/type1
{
  ip_addr: "192.168.100.14/24"
}

相反,如果您剥离{ "error": { "root_cause": [ { "type": "mapper_parsing_exception", "reason": "failed to parse [ip_addr]" } ], "type": "mapper_parsing_exception", "reason": "failed to parse [ip_addr]", "caused_by": { "type": "illegal_argument_exception", "reason": "failed to parse ip [192.168.100.14/24], not a valid ip address" } }, "status": 400 } 它将正常工作。