Adds .cidr and .netmask #111
Conversation
Ref: elastic#86 For use with DHCP logs, Firewall logs, or BGP logs.
Adds `source.cidr`, `source.netmask`, `destination.cidr`, `destination.netmask`.
| - name: cidr | ||
| type: ip | ||
| description: > | ||
| CIDR of the source IP address |
There was a problem hiding this comment.
Could you add examples as you did in the others above?
Nit: Please add dots at the end of the descriptions as it will show up like this in the docs.
A: Someone who uses |
| @@ -203,6 +203,14 @@ | |||
| IP address of the destination. | |||
|
|
|||
| Can be one or multiple IPv4 or IPv6 addresses. | |||
| - name: cidr | |||
| type: ip | |||
There was a problem hiding this comment.
Each .cidr field should actually be of type ip_range [1], not ip [2]. You can search an ip field with a CIDR range, but you can't store a range directly in it.
If you want to play with these in a Kibana console:
PUT ip_test
{ "mappings": {
"_doc": {
"properties": {
"address": {
"type": "ip"
},
"range": {
"type": "ip_range"
}}}}}
PUT ip_test/_doc/1
{ "address": "127.0.0.1" }
PUT ip_test/_doc/2
{ "address": "::1" }
PUT ip_test/_doc/3
{ "address": "255.255.255.0" }
# Fails:
PUT ip_test/_doc/4
{ "address": "10.0.0.0/8" }
PUT ip_test/_doc/4
{ "range": "10.0.0.0/8" }
# Fails:
PUT ip_test/_doc/5
{ "range": "255.255.255.0" }
GET ip_test/_search
DELETE ip_test
|
Tip: in your PR body, if you have a line that says "Closes #86", GitHub will close the referenced issue automatically when this PR is merged. :-) |
|
I am closing this PR as it is outdated and the contributor is no longer active. |
Ref: #86
For use with DHCP logs, Firewall logs, or BGP logs.
Adds
source.cidr,source.netmask,destination.cidr,destination.netmask,network.cidr, andnetwork.netmask.