iplocation
Description
Extracts location information from an IP address.
Syntax
iplocation <ip-address-fieldname>
Required Arguments
| Parameter | Syntax | Description |
|---|---|---|
ip-address-fieldname | <field> | Name of the field that contains the IP address, such as clientip. |
Example Queries
Example #1
source server_ip
| iplocation 'ip'
Example #2
source server_ip
| rename ip as clientip
| iplocation clientip
Example #3
source server_ip
| iplocation 'ip'
| where country == "United States"
| eval location = mvappend(latitude, longitude)
Example #4
source server_ip
| iplocation 'ip'
| where country == "Russia"