Closed
Description
ES mapping:
This mapping does not work:
clinet_ip {
type: "ip"
}
Mapping the field as a string works:
client_ip: {
type: "string",
index: "not_analyzed",
omit_norms: true,
index_options: "docs"
}
The query below is taken from the "spy" view of the table:
# Reproduction request: a search against the logstash-2013.09.03 index on
# host log01, port 9200, with the query body passed via -d.
#
# Shape of the body:
#   - "filtered" query: the query_string "*" matches everything, so the
#     result set is decided by the filter's bool/must clauses.
#   - must clauses: @type matches the phrase "apache_access_log",
#     @fields.client_ip matches "192.168.1.2", and @timestamp lies in the
#     given from/to range (the two values differ by 3,600,000; presumably
#     epoch milliseconds, i.e. a one-hour window).
#   - the @fields.client_ip fquery is the clause this report is about: it is
#     the field whose mapping is switched between "ip" and "string" above.
#   - highlight uses fragment_size 2147483647 (the largest signed 32-bit
#     value), at most 100 hits are returned, sorted by @timestamp descending.
#
# NOTE(review): the request goes over plain HTTP and carries no credentials.
# Presumably the cluster is only reachable from a trusted network; confirm
# that port 9200 is not exposed more widely, since anyone who can reach it
# can run the same search over these access logs.
curl -XGET 'http://log01:9200/logstash-2013.09.03/_search?pretty' -d '{
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "*"
}
}
]
}
},
"filter": {
"bool": {
"must": [
{
"match_all": {}
},
{
"fquery": {
"query": {
"field": {
"@type": {
"query": "\"apache_access_log\""
}
}
},
"_cache": true
}
},
{
"fquery": {
"query": {
"field": {
"@fields.client_ip": {
"query": "192.168.1.2"
}
}
},
"_cache": true
}
},
{
"range": {
"@timestamp": {
"from": 1378229604292,
"to": 1378233204292
}
}
},
{
"bool": {
"must": [
{
"match_all": {}
}
]
}
}
]
}
}
}
},
"highlight": {
"fields": {},
"fragment_size": 2147483647,
"pre_tags": [
"@start-highlight@"
],
"post_tags": [
"@end-highlight@"
]
},
"size": 100,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}'