Many of the logs generated by our customers include IP information. The Coralogix Geo Enrichment enables you to automatically add IP based geographical information to your logs in the form of new fields that can be queried, visualized, and reported on.
To get started, simply navigate to the settings menu, click on “Enrich” and scroll to the “Geo Enrichment” section. In this section, you can define the fields in your logs that contain the IP fields that you would like to enrich with Geoinformation.
If you don’t have your IP fields set, or your data isn’t in JSON formatted, you can use Coralogix’s Rules Engine to extract the IP addresses found in your log records using the “Extract” or “Parse” rules.
Once you define the IP field, Coralogix will add geographical information to the logs based on the selected fields. This is a log with the field IpAddress:
This is the same log after IpAddress was defined as the field for Geo Enrichment:
You can see that the object event_data_IpAddress_geoip was added to the log and it includes geographical information based on the IP address found in the field IpAddress. These added fields can now be queried and used to generate visualizations and alerts (including ‘Coordinate map’ type Kibana visualizations).
Geo Enrichment is currently opened for a limited number of users. Do you want to join the group? Shoot us an email at firstname.lastname@example.org or chat with us 🙂