私のブックマーク
ブックマークを追加
ブックマークを削除IPプレフィックス集約
IPアドレスのネットワークまたはサブネットワークに基づいてドキュメントをグループ化するバケット集約です。IPアドレスは、ネットワークプレフィックスを表す最上位ビットと、ホストを表す最下位ビットの2つのビットグループで構成されています。
例
例えば、次のインデックスを考えてみてください:
Python
resp = client.indices.create(index="network-traffic",mappings={"properties": {"ipv4": {"type": "ip"},"ipv6": {"type": "ip"}}},)print(resp)resp1 = client.bulk(index="network-traffic",refresh=True,operations=[{"index": {"_id": 0}},{"ipv4": "192.168.1.10","ipv6": "2001:db8:a4f8:112a:6001:0:12:7f10"},{"index": {"_id": 1}},{"ipv4": "192.168.1.12","ipv6": "2001:db8:a4f8:112a:6001:0:12:7f12"},{"index": {"_id": 2}},{"ipv4": "192.168.1.33","ipv6": "2001:db8:a4f8:112a:6001:0:12:7f33"},{"index": {"_id": 3}},{"ipv4": "192.168.1.10","ipv6": "2001:db8:a4f8:112a:6001:0:12:7f10"},{"index": {"_id": 4}},{"ipv4": "192.168.2.41","ipv6": "2001:db8:a4f8:112c:6001:0:12:7f41"},{"index": {"_id": 5}},{"ipv4": "192.168.2.10","ipv6": "2001:db8:a4f8:112c:6001:0:12:7f10"},{"index": {"_id": 6}},{"ipv4": "192.168.2.23","ipv6": "2001:db8:a4f8:112c:6001:0:12:7f23"},{"index": {"_id": 7}},{"ipv4": "192.168.3.201","ipv6": "2001:db8:a4f8:114f:6001:0:12:7201"},{"index": {"_id": 8}},{"ipv4": "192.168.3.107","ipv6": "2001:db8:a4f8:114f:6001:0:12:7307"}],)print(resp1)
Ruby
response = client.indices.create(index: 'network-traffic',body: {mappings: {properties: {"ipv4": {type: 'ip'},"ipv6": {type: 'ip'}}}})puts responseresponse = client.bulk(index: 'network-traffic',refresh: true,body: [{index: {_id: 0}},{"ipv4": '192.168.1.10',"ipv6": '2001:db8:a4f8:112a:6001:0:12:7f10'},{index: {_id: 1}},{"ipv4": '192.168.1.12',"ipv6": '2001:db8:a4f8:112a:6001:0:12:7f12'},{index: {_id: 2}},{"ipv4": '192.168.1.33',"ipv6": '2001:db8:a4f8:112a:6001:0:12:7f33'},{index: {_id: 3}},{"ipv4": '192.168.1.10',"ipv6": '2001:db8:a4f8:112a:6001:0:12:7f10'},{index: {_id: 4}},{"ipv4": '192.168.2.41',"ipv6": '2001:db8:a4f8:112c:6001:0:12:7f41'},{index: {_id: 5}},{"ipv4": '192.168.2.10',"ipv6": '2001:db8:a4f8:112c:6001:0:12:7f10'},{index: {_id: 6}},{"ipv4": '192.168.2.23',"ipv6": '2001:db8:a4f8:112c:6001:0:12:7f23'},{index: {_id: 7}},{"ipv4": '192.168.3.201',"ipv6": '2001:db8:a4f8:114f:6001:0:12:7201'},{index: {_id: 8}},{"ipv4": '192.168.3.107',"ipv6": '2001:db8:a4f8:114f:6001:0:12:7307'}])puts response
Js
const response = await client.indices.create({index: "network-traffic",mappings: {properties: {ipv4: {type: "ip",},ipv6: {type: "ip",},},},});console.log(response);const response1 = await client.bulk({index: "network-traffic",refresh: "true",operations: [{index: {_id: 0,},},{ipv4: "192.168.1.10",ipv6: "2001:db8:a4f8:112a:6001:0:12:7f10",},{index: {_id: 1,},},{ipv4: "192.168.1.12",ipv6: "2001:db8:a4f8:112a:6001:0:12:7f12",},{index: {_id: 2,},},{ipv4: "192.168.1.33",ipv6: "2001:db8:a4f8:112a:6001:0:12:7f33",},{index: {_id: 3,},},{ipv4: "192.168.1.10",ipv6: "2001:db8:a4f8:112a:6001:0:12:7f10",},{index: {_id: 4,},},{ipv4: "192.168.2.41",ipv6: "2001:db8:a4f8:112c:6001:0:12:7f41",},{index: {_id: 5,},},{ipv4: "192.168.2.10",ipv6: "2001:db8:a4f8:112c:6001:0:12:7f10",},{index: {_id: 6,},},{ipv4: "192.168.2.23",ipv6: "2001:db8:a4f8:112c:6001:0:12:7f23",},{index: {_id: 7,},},{ipv4: "192.168.3.201",ipv6: "2001:db8:a4f8:114f:6001:0:12:7201",},{index: {_id: 8,},},{ipv4: "192.168.3.107",ipv6: "2001:db8:a4f8:114f:6001:0:12:7307",},],});console.log(response1);
コンソール
PUT network-traffic{"mappings": {"properties": {"ipv4": { "type": "ip" },"ipv6": { "type": "ip" }}}}POST /network-traffic/_bulk?refresh{"index":{"_id":0}}{"ipv4":"192.168.1.10","ipv6":"2001:db8:a4f8:112a:6001:0:12:7f10"}{"index":{"_id":1}}{"ipv4":"192.168.1.12","ipv6":"2001:db8:a4f8:112a:6001:0:12:7f12"}{"index":{"_id":2}}{ "ipv4":"192.168.1.33","ipv6":"2001:db8:a4f8:112a:6001:0:12:7f33"}{"index":{"_id":3}}{"ipv4":"192.168.1.10","ipv6":"2001:db8:a4f8:112a:6001:0:12:7f10"}{"index":{"_id":4}}{"ipv4":"192.168.2.41","ipv6":"2001:db8:a4f8:112c:6001:0:12:7f41"}{"index":{"_id":5}}{"ipv4":"192.168.2.10","ipv6":"2001:db8:a4f8:112c:6001:0:12:7f10"}{"index":{"_id":6}}{"ipv4":"192.168.2.23","ipv6":"2001:db8:a4f8:112c:6001:0:12:7f23"}{"index":{"_id":7}}{"ipv4":"192.168.3.201","ipv6":"2001:db8:a4f8:114f:6001:0:12:7201"}{"index":{"_id":8}}{"ipv4":"192.168.3.107","ipv6":"2001:db8:a4f8:114f:6001:0:12:7307"}
次の集約は、ドキュメントをバケットにグループ化します。各バケットは異なるサブネットワークを識別します。サブネットワークは、24のプレフィックス長を持つネットマスクを各IPアドレスに適用することによって計算されます。ipv4フィールド:
Python
resp = client.search(index="network-traffic",size=0,aggs={"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24}}},)print(resp)
Ruby
response = client.search(index: 'network-traffic',body: {size: 0,aggregations: {"ipv4-subnets": {ip_prefix: {field: 'ipv4',prefix_length: 24}}}})puts response
Js
const response = await client.search({index: "network-traffic",size: 0,aggs: {"ipv4-subnets": {ip_prefix: {field: "ipv4",prefix_length: 24,},},},});console.log(response);
コンソール
GET /network-traffic/_search{"size": 0,"aggs": {"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24}}}}
コンソール-結果
{..."aggregations": {"ipv4-subnets": {"buckets": [{"key": "192.168.1.0","is_ipv6": false,"doc_count": 4,"prefix_length": 24,"netmask": "255.255.255.0"},{"key": "192.168.2.0","is_ipv6": false,"doc_count": 3,"prefix_length": 24,"netmask": "255.255.255.0"},{"key": "192.168.3.0","is_ipv6": false,"doc_count": 2,"prefix_length": 24,"netmask": "255.255.255.0"}]}}}
IPv6アドレスを集約するには、is_ipv6をtrueに設定します。
Python
resp = client.search(index="network-traffic",size=0,aggs={"ipv6-subnets": {"ip_prefix": {"field": "ipv6","prefix_length": 64,"is_ipv6": True}}},)print(resp)
Ruby
response = client.search(index: 'network-traffic',body: {size: 0,aggregations: {"ipv6-subnets": {ip_prefix: {field: 'ipv6',prefix_length: 64,"is_ipv6": true}}}})puts response
Js
const response = await client.search({index: "network-traffic",size: 0,aggs: {"ipv6-subnets": {ip_prefix: {field: "ipv6",prefix_length: 64,is_ipv6: true,},},},});console.log(response);
コンソール
GET /network-traffic/_search{"size": 0,"aggs": {"ipv6-subnets": {"ip_prefix": {"field": "ipv6","prefix_length": 64,"is_ipv6": true}}}}
[](#6a16b05416d7fe2681cf39faf2eb47dd)#### コンソール-結果``````console-result{..."aggregations": {"ipv6-subnets": {"buckets": [{"key": "2001:db8:a4f8:112a::","is_ipv6": true,"doc_count": 4,"prefix_length": 64},{"key": "2001:db8:a4f8:112c::","is_ipv6": true,"doc_count": 3,"prefix_length": 64},{"key": "2001:db8:a4f8:114f::","is_ipv6": true,"doc_count": 2,"prefix_length": 64}]}}}`
パラメータ
field- (必須、文字列) 集約するドキュメントのIPアドレスフィールド。フィールドマッピングタイプは
ipでなければなりません。 prefix_length- (必須、整数) ネットワークプレフィックスの長さ。IPv4アドレスの場合、受け入れられる範囲は
[0, 32]です。IPv6アドレスの場合、受け入れられる範囲は[0, 128]です。 is_ipv6- (オプション、ブール値) プレフィックスがIPv6アドレスに適用されるかどうかを定義します。
prefix_lengthパラメータを指定するだけでは、IPプレフィックスがIPv4またはIPv6アドレスに適用されるかどうかを知るには不十分です。デフォルトはfalseです。 append_prefix_length- (オプション、ブール値) プレフィックス長が応答のIPアドレスキーに追加されるかどうかを定義します。デフォルトは
falseです。 keyed- (オプション、ブール値) バケットが応答で配列ではなくハッシュとして返されるかどうかを定義します。デフォルトは
falseです。 min_doc_count- (オプション、整数) 応答に含まれるバケットの最小ドキュメント数を定義します。デフォルトは
1です。
応答ボディ
key- (文字列) IPv6またはIPv4サブネット。
prefix_length- (整数) バケットを集約するために使用されるプレフィックスの長さ。
doc_count- (整数) 特定のIPプレフィックスに一致するドキュメントの数。
is_ipv6- (ブール値) ネットマスクがIPv6ネットマスクであるかどうかを定義します。
netmask- (文字列) IPv4ネットマスク。
is_ipv6がtrueの場合、このフィールドは応答に含まれません。
キー付き応答
例:#### Python``````pythonresp = client.search(index="network-traffic",size=0,aggs={"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24,"keyed": True}}},)print(resp)`
Ruby
response = client.search(index: 'network-traffic',body: {size: 0,aggregations: {"ipv4-subnets": {ip_prefix: {field: 'ipv4',prefix_length: 24,keyed: true}}}})puts response
Js
const response = await client.search({index: "network-traffic",size: 0,aggs: {"ipv4-subnets": {ip_prefix: {field: "ipv4",prefix_length: 24,keyed: true,},},},});console.log(response);
コンソール
GET /network-traffic/_search{"size": 0,"aggs": {"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24,"keyed": true}}}}
コンソール-結果
{..."aggregations": {"ipv4-subnets": {"buckets": {"192.168.1.0": {"is_ipv6": false,"doc_count": 4,"prefix_length": 24,"netmask": "255.255.255.0"},"192.168.2.0": {"is_ipv6": false,"doc_count": 3,"prefix_length": 24,"netmask": "255.255.255.0"},"192.168.3.0": {"is_ipv6": false,"doc_count": 2,"prefix_length": 24,"netmask": "255.255.255.0"}}}}}
IPアドレスキーにプレフィックス長を追加
例:#### Python``````pythonresp = client.search(index="network-traffic",size=0,aggs={"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24,"append_prefix_length": True}}},)print(resp)`
Ruby
response = client.search(index: 'network-traffic',body: {size: 0,aggregations: {"ipv4-subnets": {ip_prefix: {field: 'ipv4',prefix_length: 24,append_prefix_length: true}}}})puts response
Js
const response = await client.search({index: "network-traffic",size: 0,aggs: {"ipv4-subnets": {ip_prefix: {field: "ipv4",prefix_length: 24,append_prefix_length: true,},},},});console.log(response);
コンソール
GET /network-traffic/_search{"size": 0,"aggs": {"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24,"append_prefix_length": true}}}}
コンソール-結果
{..."aggregations": {"ipv4-subnets": {"buckets": [{"key": "192.168.1.0/24","is_ipv6": false,"doc_count": 4,"prefix_length": 24,"netmask": "255.255.255.0"},{"key": "192.168.2.0/24","is_ipv6": false,"doc_count": 3,"prefix_length": 24,"netmask": "255.255.255.0"},{"key": "192.168.3.0/24","is_ipv6": false,"doc_count": 2,"prefix_length": 24,"netmask": "255.255.255.0"}]}}}
最小ドキュメント数
#### Python``````pythonresp = client.search(index="network-traffic",size=0,aggs={"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24,"min_doc_count": 3}}},)print(resp)`
Ruby
response = client.search(index: 'network-traffic',body: {size: 0,aggregations: {"ipv4-subnets": {ip_prefix: {field: 'ipv4',prefix_length: 24,min_doc_count: 3}}}})puts response
Js
const response = await client.search({index: "network-traffic",size: 0,aggs: {"ipv4-subnets": {ip_prefix: {field: "ipv4",prefix_length: 24,min_doc_count: 3,},},},});console.log(response);
コンソール
GET /network-traffic/_search{"size": 0,"aggs": {"ipv4-subnets": {"ip_prefix": {"field": "ipv4","prefix_length": 24,"min_doc_count": 3}}}}
コンソール-結果
{..."aggregations": {"ipv4-subnets": {"buckets": [{"key": "192.168.1.0","is_ipv6": false,"doc_count": 4,"prefix_length": 24,"netmask": "255.255.255.0"},{"key": "192.168.2.0","is_ipv6": false,"doc_count": 3,"prefix_length": 24,"netmask": "255.255.255.0"}]}}}
