I'm new to Elasticsearch and I'm trying to use it for my web development college project. Is it possible to aggregate the data below by a specific subset of the IP address?

[
    {
        "ip": "192.168.0.1",
        "host": "Gateway"
    },
    {
        "ip": "192.168.2.3",
        "host": "A"
    },
    {
        "ip": "192.168.2.4",
        "host": "B"
    }
]

I want to be able to aggregate totals based on the IP address subset xxx.xxx.2.*, so the total value should return 2 (hosts A and B).

Thanks in advance!

codeBarer

1 Answer

You can use a Wildcard Query if you only want to get the total value. Like:

POST ipaddress/data/_search
{
    "query":{
        "bool" : {
            "must" : {
                "wildcard" : { "ip" : "*.*.2.*" }
            }
        }    
    }
}

Stanislav

Can all numbers be aggregated in the 3rd address block? For instance, if there were 3's and 2's in that block, can I aggregate totals based on the values? – codeBarer Sep 15 '14 at 16:52
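
The follow-up in the comment, a total per value of the third address block, amounts to counting documents per /24 subnet. The Python below is an added example, not code from the question or the answer: it counts the sample documents per /24 and builds an Elasticsearch `ip_range` aggregation body with one `mask` per subnet. It assumes the `ip` field is mapped as type `ip`; the aggregation name `by_subnet` and the helper names are hypothetical.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample documents, mirroring the question's data.
DOCS = [
    {"ip": "192.168.0.1", "host": "Gateway"},
    {"ip": "192.168.2.3", "host": "A"},
    {"ip": "192.168.2.4", "host": "B"},
    {"ip": "not-an-ip", "host": "bad"},  # malformed value, skipped below
]


def subnet_of(ip, prefix=24):
    """Return the enclosing network (e.g. 192.168.2.0/24), or None if ip is invalid."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:  # AddressValueError is a subclass of ValueError
        return None
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def count_by_subnet(docs, prefix=24):
    """Client-side equivalent of the buckets: CIDR string -> document count."""
    nets = (subnet_of(d.get("ip", ""), prefix) for d in docs)
    return dict(Counter(str(n) for n in nets if n is not None))


def ip_range_agg(cidrs, field="ip"):
    """Build a search body with one ip_range bucket per CIDR mask.

    Assumes `field` is mapped as type "ip"; size 0 returns buckets only.
    """
    return {
        "size": 0,
        "aggs": {
            "by_subnet": {  # hypothetical aggregation name
                "ip_range": {
                    "field": field,
                    "ranges": [{"mask": c} for c in sorted(cidrs)],
                }
            }
        },
    }


if __name__ == "__main__":
    counts = count_by_subnet(DOCS)
    print(counts)
    print(json.dumps(ip_range_agg(counts), indent=2))
```

Each bucket in the response then carries a `doc_count` for its subnet, so hosts A and B fall under the `192.168.2.0/24` mask.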