Many of the logs generated by our customers include IP information. The Coralogix Geo Enrichment enables you to automatically add IP based geographical information to your logs in the form of new fields that can be queried, visualized, and reported on.
Some of these fields are:
The Country name, City name, Continent name, postal_code, and location geo_point.
Look at the example below. I have marked the fields that have been added once the enrichment was added.
To get started, simply navigate to the Data Flow menu, click on Data Enrichment and scroll to the Geo Enrichment section. In this section, you can define the fields in your logs that contain the IP fields that you would like to enrich with Geo information.
If you don’t have your IP fields set, or your data isn’t in JSON formatted, you can use Coralogix’s Rules Engine to extract the IP addresses found in your log records using the “Extract” or “Parse” rules.
Once you define the IP field, Coralogix will add geographical information to the logs based on the selected fields.
Note that these fields won’t be added if the enrichment DB does not have the queried IP.
You can see that the object clientIp_geoip was added to the log and it includes geographical information based on the IP address found in the field Ip. These added fields can now be queried and used to generate visualizations and alerts (including ‘Coordinate map’ type Kibana visualizations).
Geo Enrichment is currently opened for a limited number of users. Do you want to join the group? Shoot us an email at [email protected] or chat with us 🙂