You're reading from Elasticsearch 8.x Cookbook Over 180 recipes to perform fast, scalable, and reliable searches for your enterprise

Product type Paperback

Published in May 2022

Publisher Packt

ISBN-13 9781801079815

Length 750 pages

Edition 5th Edition

Languages

Java

Tools

Elasticsearch

Concepts

Enterprise Search

Author (1):

Alberto Paro

View More author details

Table of Contents (20) Chapters

Preface

1. Chapter 1: Getting Started

2. Chapter 2: Managing Mappings FREE CHAPTER

3. Chapter 3: Basic Operations

4. Chapter 4: Exploring Search Capabilities

5. Chapter 5: Text and Numeric Queries

6. Chapter 6: Relationships and Geo Queries

7. Chapter 7: Aggregations

8. Chapter 8: Scripting in Elasticsearch

9. Chapter 9: Managing Clusters

10. Chapter 10: Backups and Restoring Data

11. Chapter 11: User Interfaces

12. Chapter 12: Using the Ingest Module

13. Chapter 13: Java Integration

14. Chapter 14: Scala Integration

15. Chapter 15: Python Integration

16. Chapter 16: Plugin Development

17. Chapter 17: Big Data Integration

18. Chapter 18: X-Pack

19. Other Books You May Enjoy

Mapping an IP field

Elasticsearch is used in a lot of systems to collect and search logs, such as Kibana (https://www.elastic.co/products/kibana) and LogStash (https://www.elastic.co/products/logstash). To improve search when using IP addresses, Elasticsearch provides the IPv4 and IPv6 types, which can be used to store IP addresses in an optimized way.

Getting ready

You will need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe of Chapter 1, Getting Started.

How to do it…

You need to define the type of field that contains an IP address as ip.

Regarding the preceding order example, we can extend it by adding the customer IP, like so:

"customer_ip": { "type": "ip" }

The IP must be in the standard point notation form, as follows:

"customer_ip":"19.18.200.201"

How it works…

When Elasticsearch is processing a document and if a field is an IP one, it tries to convert its value into a numerical form and generates tokens for fast value searching.

The IP has special properties:

index (the default is true): This defines whether the field must be indexed. If not, false must be used.
doc_values (the default is true): This defines whether the field values should be stored in a column-stride fashion to speed up sorting and aggregations.

The other properties (store, boost, null_value, and include_in_all) work as other base types.

The advantage of using IP fields over strings is more speed in every range and filter and lower resource usage (disk and memory).