Mapping an IP field
ElasticSearch is used to collect and search logs in a lot of systems, such as Kibana (http://www.elasticsearch.org/overview/kibana/ or http://kibana.org/) and logstash (http://www.elasticsearch.org/overview/logstash/ or http://logstash.net/). To improve searching in these scenarios, it provides the IPv4 type that can be used to store IP addresses in an optimized way.
Getting ready
You need a working ElasticSearch cluster.
How to do it...
You need to define the type of the field that contains an IP address as "ip"
.
Using the preceding order
example, you can extend it by adding the customer IP:
"customer_ip": { "type": "ip", "store": "yes" }
The IP must be in the standard point notation form, as shown in the following code:
"customer_ip":"19.18.200.201"
How it works...
When ElasticSearch is processing a document, if a field is an IP one, it tries to convert its value to a numerical form and generate tokens for fast value searching.
The IP has special properties:
index
...