ElasticSearch Cookbook (Second Edition)

Mapping an IP field

ElasticSearch is used to collect and search logs in a lot of systems, such as Kibana (http://www.elasticsearch.org/overview/kibana/ or http://kibana.org/) and logstash (http://www.elasticsearch.org/overview/logstash/ or http://logstash.net/). To improve searching in these scenarios, it provides the IPv4 type that can be used to store IP addresses in an optimized way.

Getting ready

You need a working ElasticSearch cluster.

How to do it...

You need to define the type of the field that contains an IP address as "ip".

Using the preceding order example, you can extend it by adding the customer IP:

  "customer_ip": {
    "type": "ip",
    "store": "yes"
  }

The IP must be in the standard dotted notation, as shown in the following code:

"customer_ip":"19.18.200.201"

How it works...

When ElasticSearch processes a document and a field is of the IP type, it tries to convert the field's value to a numerical form and generates tokens for fast value searching.

The IP has special properties:

  • index: This defines whether the field should be indexed. Otherwise, the value no must be set
  • precision_step (by default, 4): This defines the number of terms that must be generated for its original value

The other properties (store, boost, null_value, and include_in_all) work as in the other base types.

The advantages of using IP fields over string fields are faster range queries and filters, and lower resource usage (disk and memory).
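The numeric conversion and the range advantage described above can be seen in a small Python model. This is an added example, not code from the book or from ElasticSearch; the function names and the sample addresses are constructed for illustration, and the model covers only the conversion to a number, not the token generation.

```python
import ipaddress

def ip_to_long(value):
    """Convert dotted IPv4 text to the integer form used for searching."""
    parts = value.split(".")
    if len(parts) != 4 or not all(p.isdigit() and len(p) <= 3 for p in parts):
        raise ValueError("not in dotted notation: %r" % value)
    number = 0
    for part in parts:
        octet = int(part)
        if octet > 255:
            raise ValueError("octet out of range in %r" % value)
        number = (number << 8) | octet   # each octet fills 8 bits
    return number

def cidr_to_range(cidr):
    """Return (first, last) numeric addresses of a subnet such as a.b.c.0/24."""
    net = ipaddress.ip_network(cidr, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def numeric_range(ips, low, high):
    """Range filter on the numeric form: what an IP field makes possible."""
    lo, hi = ip_to_long(low), ip_to_long(high)
    return [ip for ip in ips if lo <= ip_to_long(ip) <= hi]

def string_range(ips, low, high):
    """The same filter on raw strings: comparison is character by character."""
    return [ip for ip in ips if low <= ip <= high]

# Constructed sample of client addresses, as they might appear in log documents.
SAMPLE_IPS = ["19.18.200.201", "19.18.3.7", "19.18.30.1",
              "19.18.100.9", "19.19.0.1"]

if __name__ == "__main__":
    print(ip_to_long("19.18.200.201"))
    print(cidr_to_range("19.18.200.0/24"))
    # Numeric comparison finds the three addresses inside the range.
    print(numeric_range(SAMPLE_IPS, "19.18.4.0", "19.18.200.255"))
    # String comparison finds none: "19.18.4.0" sorts after "19.18.200.255".
    print(string_range(SAMPLE_IPS, "19.18.4.0", "19.18.200.255"))
```

With a string field, the range bounds themselves sort in the wrong order, so a subnet or address-range search over logs silently returns nothing; the numeric form avoids that.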