Geo Enrichment
Overview
Use Geo Enrichment to automatically add IP-based geographical information to your logs. This data is added as new fields, making it available for querying, visualization, and reporting. Some of the fields included are country, city, continent, postal_code, and location geo_point.
Getting started
- Navigate to Data Flow, then Data Enrichment. Select Enrich geo location to open the editor.
- Specify the fields in your logs that contain the IP addresses to enrich with geographical information.
- Select Add ASN information to also add ASN (Autonomous System Number) information about the networks or organizations that manage the IP addresses.
Note
- To add ASN information to an existing geo enrichment, select the enrichment row to open the editor, then enable Add ASN information.
- If you don't have your IP fields set, or your data isn't JSON-formatted, use Coralogix's Rules Engine to extract the IP addresses from your log records using the Extract or Parse rule types.
- Geo enrichment data is not added if the enrichment database does not contain the queried IP.
Once you define the IP field, Coralogix will add geographical information to the logs based on the selected fields. The fields in the example below were added in the enrichment process and include ASN information as well.
{
"clientIp_geoip": {
"ip": "147.237.70.107",
"ip_ipaddr": "147.237.70.107",
"location_geopoint":{,
"lat": "32.0668",
"lon": "34.7649"
}
"asn": {
"number": 12400,
"organization": "Partner Communications Ltd."
}
"continent_name": "Asia",
"country_name": "Israel",
"city_name": "Tel Aviv",
"postal_code": "null"
}
}
You can see that the object clientIp_geoip was added to the log. It includes geographical information based on the IP address found in the IP field. These added fields can now be queried and used to generate visualizations and alerts.
Additional resources
Understanding Geo Enrichment for IP Addresses
Thank you for your feedback!
Theme
Light