Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Elasticsearch 8.x Cookbook

You're reading from   Elasticsearch 8.x Cookbook Over 180 recipes to perform fast, scalable, and reliable searches for your enterprise

Arrow left icon
Product type Paperback
Published in May 2022
Publisher Packt
ISBN-13 9781801079815
Length 750 pages
Edition 5th Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Alberto Paro Alberto Paro
Author Profile Icon Alberto Paro
Alberto Paro
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Chapter 1: Getting Started 2. Chapter 2: Managing Mappings FREE CHAPTER 3. Chapter 3: Basic Operations 4. Chapter 4: Exploring Search Capabilities 5. Chapter 5: Text and Numeric Queries 6. Chapter 6: Relationships and Geo Queries 7. Chapter 7: Aggregations 8. Chapter 8: Scripting in Elasticsearch 9. Chapter 9: Managing Clusters 10. Chapter 10: Backups and Restoring Data 11. Chapter 11: User Interfaces 12. Chapter 12: Using the Ingest Module 13. Chapter 13: Java Integration 14. Chapter 14: Scala Integration 15. Chapter 15: Python Integration 16. Chapter 16: Plugin Development 17. Chapter 17: Big Data Integration 18. Chapter 18: X-Pack 19. Other Books You May Enjoy

Mapping an IP field

Elasticsearch is used in a lot of systems to collect and search logs, such as Kibana (https://www.elastic.co/products/kibana) and LogStash (https://www.elastic.co/products/logstash). To improve search when using IP addresses, Elasticsearch provides the IPv4 and IPv6 types, which can be used to store IP addresses in an optimized way.

Getting ready

You will need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe of Chapter 1, Getting Started.

How to do it…

You need to define the type of field that contains an IP address as ip.

Regarding the preceding order example, we can extend it by adding the customer IP, like so:

"customer_ip": { "type": "ip" }

The IP must be in the standard point notation form, as follows:

"customer_ip":"19.18.200.201"

How it works…

When Elasticsearch is processing a document and if a field is an IP one, it tries to convert its value into a numerical form and generates tokens for fast value searching.

The IP has special properties:

  • index (the default is true): This defines whether the field must be indexed. If not, false must be used.
  • doc_values (the default is true): This defines whether the field values should be stored in a column-stride fashion to speed up sorting and aggregations.

The other properties (store, boost, null_value, and include_in_all) work as other base types.

The advantage of using IP fields over strings is more speed in every range and filter and lower resource usage (disk and memory).

You have been reading a chapter from
Elasticsearch 8.x Cookbook - Fifth Edition
Published in: May 2022
Publisher: Packt
ISBN-13: 9781801079815
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime