Geoip
LogZilla App Store application: Geoip
Overview
App Function
The GeoIP app is a supplemental app. It is not stand-alone; it is intended to
run after other user-specified apps have run. Those earlier apps set the SrcIP
and DstIP user tags as part of their own processing. The GeoIP app then
performs a GeoIP lookup on both SrcIP and DstIP and sets additional user tags
with the resulting location information.
Incoming Log Format
The GeoIP app does not process logs. It processes SrcIP and DstIP user tags
that are set by other installed apps.
User Tags
| Tagged | Field Name | Example | Description |
|---|---|---|---|
| ☑ | SrcIP City | Atlanta | the city for the IP in SrcIP |
| ☑ | SrcIP State | Georgia | the state or province for the IP in SrcIP |
| ☑ | SrcIP Country | United States | the country for the IP in SrcIP |
| ☑ | DstIP City | Toronto | the city for the IP in DstIP |
| ☑ | DstIP State | Ontario | the state or province for the IP in DstIP |
| ☑ | DstIP Country | Canada | the country for the IP in DstIP |
Note that in some cases the GeoIP lookup cannot determine specific location
information. Usually the country is still available, but the city and state
may not be. In these cases the city, state, and (if applicable) country fields
are set to Unknown.
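The tag-setting behaviour described above, sketched as an added Python example (not LogZilla's own code or API): it takes the SrcIP and DstIP user tags left by earlier apps and produces the six location tags, with Unknown for any field the lookup cannot determine. The lookup table, the documentation-range addresses, and the names `lookup` and `enrich` are constructed for illustration; skipping a tag that no earlier app set is an assumption.

```python
import ipaddress

# Constructed sample database: documentation-range networks mapped to
# (city, state, country). None marks a field the lookup cannot determine.
SAMPLE_DB = {
    "203.0.113.0/24": ("Atlanta", "Georgia", "United States"),
    "198.51.100.0/24": ("Toronto", "Ontario", "Canada"),
    "192.0.2.0/24": (None, None, "Canada"),  # country-level match only
}
NETWORKS = sorted(
    ((ipaddress.ip_network(cidr), loc) for cidr, loc in SAMPLE_DB.items()),
    key=lambda item: item[0].prefixlen, reverse=True)  # most specific first
FIELDS = ("City", "State", "Country")


def lookup(ip_text):
    """Return (city, state, country) for an address, None where unknown."""
    try:
        addr = ipaddress.ip_address(str(ip_text).strip())
    except ValueError:
        return (None, None, None)  # tag value is not an IP address
    for net, loc in NETWORKS:
        if addr.version == net.version and addr in net:
            return loc
    return (None, None, None)  # e.g. private or unlisted address


def enrich(user_tags):
    """Add '<SrcIP|DstIP> City/State/Country' tags for each IP tag present."""
    out = dict(user_tags)
    for prefix in ("SrcIP", "DstIP"):
        if prefix not in user_tags:  # assumption: no earlier app set this tag
            continue
        for field, value in zip(FIELDS, lookup(user_tags[prefix])):
            out[f"{prefix} {field}"] = value or "Unknown"
    return out


if __name__ == "__main__":
    print(enrich({"SrcIP": "203.0.113.7", "DstIP": "192.0.2.10"}))
```

Dashboards and alerts that filter on these tags should treat Unknown as a distinct value rather than as a missing tag, since internal and unroutable addresses will commonly land there.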
High-Cardinality (HC) Tags
HC_TAGS={ "SrcIP City", "DstIP City" }