Add a IP lookup field formatter

[timroes]

We currently have a static lookup field formatter which allows to map values to other strings. This is sometimes used by users to assign known ip addresses a name, like

It would be nice if we would have a more specific "IP lookup" field formatter available, that allows specifying ip ranges/subnets as keys, so that users could e.g. do something like 10.0.10.0/24 -> Office Amsterdam more easily.

[elasticmachine]

Pinging @elastic/kibana-app-arch (Team:AppArch)

[archon810]

Ideally, for the case of a subnet/IP range, the IP would be visible as well, not just the replacement value. Perhaps a special variable for the value of the matched key ($VALUE or something) or just the ability to specify a field name (source.ip)?

[timroes]

We could only use the original value as e.g. {value} in there. We don't have the full document in all cases that will be formatted (e.g. imagine a chart were we aggregated on the field, so this will be a bucket in the elasticsearch response, there are no "individual" field of any document left, except the value for that bucket. But making {value} available as the original value, is something that we should add for this one (I also see how this is more use for this, than for the regular lookup field formatter).

[ppisljar]

Thank you for contributing to this issue, however, we are closing this issue due to inactivity as part of a backlog grooming effort. If you believe this feature/bug should still be considered, please reopen with a comment.

[archon810]

This would still be a nice feature to add.