IP 范围聚合
就像专用的日期范围聚合一样,IP 类型字段也有一个专用的范围聚合。
示例
# Split the `ip` field into two open-ended buckets around one boundary address.
# Range aggregations include `from` and exclude `to`, so the buckets
# [*, 10.0.0.5) and [10.0.0.5, *) do not overlap.
boundary = "10.0.0.5"
ip_range_agg = {
    "field": "ip",
    "ranges": [
        {"to": boundary},
        {"from": boundary},
    ],
}

# size=10 also returns up to ten matching hits next to the aggregation result.
resp = client.search(
    index="ip_addresses",
    size=10,
    aggs={"ip_ranges": {"ip_range": ip_range_agg}},
)
print(resp)
# Split the `ip` field into two open-ended buckets around one boundary address.
# Range aggregations include `from` and exclude `to`, so the buckets
# [*, 10.0.0.5) and [10.0.0.5, *) do not overlap.
ip_range = {
  field: 'ip',
  ranges: [
    { to: '10.0.0.5' },
    { from: '10.0.0.5' }
  ]
}

# size: 10 also returns up to ten matching hits next to the aggregation result.
response = client.search(
  index: 'ip_addresses',
  body: {
    size: 10,
    aggregations: { ip_ranges: { ip_range: ip_range } }
  }
)
puts response
// Split the `ip` field into two open-ended buckets around one boundary address.
// Range aggregations include `from` and exclude `to`, so the buckets
// [*, 10.0.0.5) and [10.0.0.5, *) do not overlap.
const ipRange = {
  field: "ip",
  ranges: [{ to: "10.0.0.5" }, { from: "10.0.0.5" }],
};

// size: 10 also returns up to ten matching hits next to the aggregation result.
const response = await client.search({
  index: "ip_addresses",
  size: 10,
  aggs: { ip_ranges: { ip_range: ipRange } },
});
console.log(response);
# Two open-ended ranges split at 10.0.0.5: `to` is exclusive and `from` is
# inclusive, so every indexed address lands in exactly one bucket.
GET /ip_addresses/_search
{
  "size": 10,
  "aggs": {
    "ip_ranges": {
      "ip_range": {
        "field": "ip",
        "ranges": [
          { "to": "10.0.0.5" },
          { "from": "10.0.0.5" }
        ]
      }
    }
  }
}
响应
{ ... "aggregations": { "ip_ranges": { "buckets": [ { "key": "*-10.0.0.5", "to": "10.0.0.5", "doc_count": 10 }, { "key": "10.0.0.5-*", "from": "10.0.0.5", "doc_count": 260 } ] } } }
IP 范围也可以定义为 CIDR 掩码。掩码中的主机位会被忽略:下面示例中的 10.0.0.127/25 与 10.0.0.0/25 表示同一个网段,因此响应中两个桶的 from、to 和 doc_count 完全相同。
# Describe the ranges as CIDR masks instead of explicit from/to bounds.
# Host bits are ignored: 10.0.0.127/25 is the same network as 10.0.0.0/25,
# so both buckets cover identical addresses and the same documents are
# counted in each of them.
cidr_blocks = ["10.0.0.0/25", "10.0.0.127/25"]
ip_range_agg = {
    "field": "ip",
    "ranges": [{"mask": block} for block in cidr_blocks],
}

# size=0 suppresses the hit list; only the aggregation result is returned.
resp = client.search(
    index="ip_addresses",
    size=0,
    aggs={"ip_ranges": {"ip_range": ip_range_agg}},
)
print(resp)
# Describe the ranges as CIDR masks instead of explicit from/to bounds.
# Host bits are ignored: 10.0.0.127/25 is the same network as 10.0.0.0/25,
# so both buckets cover identical addresses and the same documents are
# counted in each of them.
ip_range = {
  field: 'ip',
  ranges: [
    { mask: '10.0.0.0/25' },
    { mask: '10.0.0.127/25' }
  ]
}

# size: 0 suppresses the hit list; only the aggregation result is returned.
response = client.search(
  index: 'ip_addresses',
  body: {
    size: 0,
    aggregations: { ip_ranges: { ip_range: ip_range } }
  }
)
puts response
// Describe the ranges as CIDR masks instead of explicit from/to bounds.
// Host bits are ignored: 10.0.0.127/25 is the same network as 10.0.0.0/25,
// so both buckets cover identical addresses and the same documents are
// counted in each of them.
const ipRange = {
  field: "ip",
  ranges: [{ mask: "10.0.0.0/25" }, { mask: "10.0.0.127/25" }],
};

// size: 0 suppresses the hit list; only the aggregation result is returned.
const response = await client.search({
  index: "ip_addresses",
  size: 0,
  aggs: { ip_ranges: { ip_range: ipRange } },
});
console.log(response);
# Ranges given as CIDR masks. Host bits are ignored, so 10.0.0.127/25 resolves
# to the same network as 10.0.0.0/25 and the two buckets overlap completely.
GET /ip_addresses/_search
{
  "size": 0,
  "aggs": {
    "ip_ranges": {
      "ip_range": {
        "field": "ip",
        "ranges": [
          { "mask": "10.0.0.0/25" },
          { "mask": "10.0.0.127/25" }
        ]
      }
    }
  }
}
响应
{ ... "aggregations": { "ip_ranges": { "buckets": [ { "key": "10.0.0.0/25", "from": "10.0.0.0", "to": "10.0.0.128", "doc_count": 128 }, { "key": "10.0.0.127/25", "from": "10.0.0.0", "to": "10.0.0.128", "doc_count": 128 } ] } } }
键控响应
将 `keyed` 标志设置为 `true` 后,每个桶都会关联一个唯一的字符串键,并且范围以哈希(对象)而不是数组的形式返回。
# With "keyed": True the buckets come back as an object indexed by a string
# key per range (here "*-10.0.0.5" and "10.0.0.5-*") rather than as an array.
split_at = "10.0.0.5"
ip_range_agg = {
    "field": "ip",
    "ranges": [
        {"to": split_at},
        {"from": split_at},
    ],
    "keyed": True,
}

# size=0 suppresses the hit list; only the aggregation result is returned.
resp = client.search(
    index="ip_addresses",
    size=0,
    aggs={"ip_ranges": {"ip_range": ip_range_agg}},
)
print(resp)
# With keyed: true the buckets come back as a hash indexed by a string key
# per range (here "*-10.0.0.5" and "10.0.0.5-*") rather than as an array.
ip_range = {
  field: 'ip',
  ranges: [
    { to: '10.0.0.5' },
    { from: '10.0.0.5' }
  ],
  keyed: true
}

# size: 0 suppresses the hit list; only the aggregation result is returned.
response = client.search(
  index: 'ip_addresses',
  body: {
    size: 0,
    aggregations: { ip_ranges: { ip_range: ip_range } }
  }
)
puts response
// With keyed: true the buckets come back as an object indexed by a string key
// per range (here "*-10.0.0.5" and "10.0.0.5-*") rather than as an array.
const ipRange = {
  field: "ip",
  ranges: [{ to: "10.0.0.5" }, { from: "10.0.0.5" }],
  keyed: true,
};

// size: 0 suppresses the hit list; only the aggregation result is returned.
const response = await client.search({
  index: "ip_addresses",
  size: 0,
  aggs: { ip_ranges: { ip_range: ipRange } },
});
console.log(response);
# "keyed": true returns the buckets as an object indexed by a per-range string
# key instead of an array, which lets a consumer look a bucket up by name.
GET /ip_addresses/_search
{
  "size": 0,
  "aggs": {
    "ip_ranges": {
      "ip_range": {
        "field": "ip",
        "ranges": [
          { "to": "10.0.0.5" },
          { "from": "10.0.0.5" }
        ],
        "keyed": true
      }
    }
  }
}
响应
{ ... "aggregations": { "ip_ranges": { "buckets": { "*-10.0.0.5": { "to": "10.0.0.5", "doc_count": 10 }, "10.0.0.5-*": { "from": "10.0.0.5", "doc_count": 260 } } } } }
也可以通过 `key` 参数为每个范围自定义键:
# Each range carries its own "key", which replaces the generated
# "*-10.0.0.5" / "10.0.0.5-*" names in the keyed response.
labelled_ranges = [
    {"key": "infinity", "to": "10.0.0.5"},
    {"key": "and-beyond", "from": "10.0.0.5"},
]
ip_range_agg = {
    "field": "ip",
    "ranges": labelled_ranges,
    "keyed": True,
}

# size=0 suppresses the hit list; only the aggregation result is returned.
resp = client.search(
    index="ip_addresses",
    size=0,
    aggs={"ip_ranges": {"ip_range": ip_range_agg}},
)
print(resp)
# Each range carries its own key, which replaces the generated
# "*-10.0.0.5" / "10.0.0.5-*" names in the keyed response.
labelled_ranges = [
  { key: 'infinity', to: '10.0.0.5' },
  { key: 'and-beyond', from: '10.0.0.5' }
]
ip_range = {
  field: 'ip',
  ranges: labelled_ranges,
  keyed: true
}

# size: 0 suppresses the hit list; only the aggregation result is returned.
response = client.search(
  index: 'ip_addresses',
  body: {
    size: 0,
    aggregations: { ip_ranges: { ip_range: ip_range } }
  }
)
puts response
// Each range carries its own key, which replaces the generated
// "*-10.0.0.5" / "10.0.0.5-*" names in the keyed response.
const labelledRanges = [
  { key: "infinity", to: "10.0.0.5" },
  { key: "and-beyond", from: "10.0.0.5" },
];
const ipRange = {
  field: "ip",
  ranges: labelledRanges,
  keyed: true,
};

// size: 0 suppresses the hit list; only the aggregation result is returned.
const response = await client.search({
  index: "ip_addresses",
  size: 0,
  aggs: { ip_ranges: { ip_range: ipRange } },
});
console.log(response);
# A "key" on each range names its bucket in the keyed response, replacing the
# generated "*-10.0.0.5" / "10.0.0.5-*" names.
GET /ip_addresses/_search
{
  "size": 0,
  "aggs": {
    "ip_ranges": {
      "ip_range": {
        "field": "ip",
        "ranges": [
          { "key": "infinity", "to": "10.0.0.5" },
          { "key": "and-beyond", "from": "10.0.0.5" }
        ],
        "keyed": true
      }
    }
  }
}
响应
{ ... "aggregations": { "ip_ranges": { "buckets": { "infinity": { "to": "10.0.0.5", "doc_count": 10 }, "and-beyond": { "from": "10.0.0.5", "doc_count": 260 } } } } }