Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Lookup Functions - geoip

Table of contents
  1. geoip

geoip

  • geoip(ip_address)

The command geoip converts IP address to geographic information.

let {}=geoip(clientIP_success)

or

let {country,city,countryCode,isp,org,latitude,longitude} = geoip(ipAddress)

Example:

search {from="-7d@d", to="@d"} sContent("@source","cloudtrail")
let {sourceIPAddress,eventSource,eventName} =f("@cloudtrail")
where eventSource=="ec2.amazonaws.com" and sContains(eventName,"Describe")==false
aggregate count_sourceIPAddress=count() by sourceIPAddress
let {}=geoip(sourceIPAddress)