女帝的赏金

書名： ElasticSearch Cookbook
作者名： Alberto Paro
本章字數： 227字
更新時間： 2021-04-02 10:10:02

Mapping an IP field

ElasticSearch is used in a lot of networking systems to collect and search logs, such as Kibana (http://kibana.org/) and LogStash (http://logstash.net/). To improve search in these scenarios, it provides the IPv4 type that can be used to store an IP address in an optimized way.

Getting ready

You need a working ElasticSearch cluster.

How to do it...

You need to define the type of the field that contains IP address as "ip".

Using the above order example we can extend it by adding the customer IP address with the following code snippet:

  "customer_ip": {
    "type": "ip",
    "store": "yes",
    "index": "yes"
  }

The IP must be in the standard point notation form, as follows:

"customer_ip":"19.18.200.201"

How it works...

When ElasticSearch is processing a document, if a field is an IP one, it tries to convert its value to a numerical form and generates tokens for fast-value searching.

The IP has the following special properties:

index (defaults to yes): This defines if the field must be indexed. Otherwise no must be used.
precision_step: (defaults to 4): This defines how many terms must be generated for its original value.

The other properties (store, boot, null_value, and include_in_all) work as other base types.

The advantages of using IP fields versus strings are its faster speed in every range and filter and lower resources usage (disk and memory).

官术网_书友最值得收藏!

ElasticSearch Cookbook

Mapping an IP field

Getting ready

How to do it...

How it works...