ElasticSearch Cookbook

Mapping an IP field

ElasticSearch is used in many networking systems that collect and search logs, such as Kibana (http://kibana.org/) and LogStash (http://logstash.net/). To improve search in these scenarios, it provides the IPv4 type, which stores an IP address in an optimized way.

Getting ready

You need a working ElasticSearch cluster.

How to do it...

You need to define the type of the field that contains the IP address as "ip".

We can extend the preceding order example by adding the customer IP address with the following code snippet:

  "customer_ip": {
    "type": "ip",
    "store": "yes",
    "index": "yes"
  }

The IP must be in the standard dotted notation form, as follows:

"customer_ip":"19.18.200.201"

How it works...

When ElasticSearch processes a document and a field is of the IP type, it tries to convert the field's value to a numerical form and generates tokens for fast value searching.

The IP type has the following special properties:

  • index (defaults to yes): This defines whether the field must be indexed. If it must not be, use no.
  • precision_step (defaults to 4): This defines how many terms must be generated for its original value.

The other properties (store, boost, null_value, and include_in_all) work as they do for the other base types.

The advantages of using IP fields over strings are faster range and filter operations and lower resource usage (disk and memory).
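The numeric conversion and term generation described above can be modelled in a few lines. This is an added example, not code from the book or from ElasticSearch; the function names are hypothetical, the address is treated as a 32-bit value, and the rule of one term per precision_step bits is a simplification of the actual encoding.

```python
# Added illustration: a simplified model of the idea, not ElasticSearch or Lucene code.
import ipaddress


def ip_to_number(value):
    """Convert a dotted IPv4 string to its 32-bit numeric form, rejecting anything else."""
    parts = value.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated octets: %r" % value)
    number = 0
    for part in parts:
        # Accept plain ASCII decimal only; leading zeros are refused because
        # some parsers read them as octal and would index a different address.
        if not (part.isascii() and part.isdigit()) or (len(part) > 1 and part[0] == "0"):
            raise ValueError("bad octet %r in %r" % (part, value))
        octet = int(part)
        if octet > 255:
            raise ValueError("octet out of range in %r" % value)
        number = (number << 8) | octet
    return number


def prefix_terms(number, precision_step=4, bits=32):
    """Return (shift, prefix) pairs: one term per precision_step bits (32-bit value assumed)."""
    return [(shift, number >> shift) for shift in range(0, bits, precision_step)]


def cidr_bounds(cidr):
    """Numeric lower and upper bound of a CIDR block, usable as a range filter."""
    net = ipaddress.ip_network(cidr, strict=True)
    return int(net.network_address), int(net.broadcast_address)


def in_block(ip, cidr):
    """True if the address falls inside the block, compared in numeric form."""
    low, high = cidr_bounds(cidr)
    return low <= ip_to_number(ip) <= high


if __name__ == "__main__":
    n = ip_to_number("19.18.200.201")  # sample value from the recipe
    print(hex(n), len(prefix_terms(n)), "terms at precision_step=4")
    print(in_block("19.18.200.201", "19.18.200.0/24"))
    # String comparison misorders addresses; the numeric form does not.
    print("19.18.200.201" < "19.18.3.1", n < ip_to_number("19.18.3.1"))
```

A smaller precision_step yields more terms per value in this model, which is the trade-off between index size and range-query speed.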