Logscape can translate fields containing IP address data into city, country and longitude/latitude coordinates.
To use geoip lookups in your data, enable your data type to perform the lookup on particular fields. For instance, if I had data with the following structure
My ip addresses are stored in the field clientIp.
To perform the geo lookup you will need to use a Groovy synthetic function. The libraries are already included within Logscape.
geoipLookup.getLocation(clientIp)
This code will return a map containing the countryCode, city, and longitude and latitude coordinates.
countryCode:"CN", city:"Beijing", lat:39.928894, long:116.3883
To pull out your countryCode, your synth will look something like this:
groovy-script: def loc = geoipLookup.getLocation(clientIp)
return loc.countryCode
This can be reduced to just one line:
groovy-script: geoipLookup.getLocation(clientIp).countryCode
The City synth field uses the following Groovy script code:
groovy-script: def loc = geoipLookup.getLocation(IpAddress)
if (loc.city != null) {
    String result = "'city':'" + loc.city + "',"
    result += "'lat':'" + loc.latitude + "',"
    result += "'long':'" + loc.longitude + "'"
    return result;
}
Save the type when you are done.
The visualization is the easy part. Here is an example search:
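A defensive variant of the City synth, as an added example that is not part of the original page or Logscape's own code: it skips values that are not public IPv4 addresses and tolerates a lookup that finds nothing. The StubGeoip class, the isPublicIpv4 and citySynth names, the sample data and the assumption that a failed lookup returns null are all introduced here for illustration.

```groovy
// Stand-in for the geoipLookup object Logscape supplies, so this runs stand-alone.
// Assumption: a lookup with no match returns null. Sample data is constructed.
class StubGeoip {
    Map data = ['203.0.113.7': [countryCode: 'CN', city: 'Beijing',
                                latitude: 39.928894, longitude: 116.3883]]
    def getLocation(String ip) { data[ip] }
}
def geoipLookup = new StubGeoip()

// True only for a dotted-quad IPv4 address outside the private, loopback
// and link-local ranges, which have no geographic location.
def isPublicIpv4 = { String ip ->
    if (ip == null || !(ip ==~ /(\d{1,3}\.){3}\d{1,3}/)) return false
    def o = ip.tokenize('.')*.toInteger()
    if (o.any { it > 255 }) return false
    return !(o[0] == 10 || o[0] == 127 ||
             (o[0] == 172 && o[1] in (16..31)) ||
             (o[0] == 192 && o[1] == 168) ||
             (o[0] == 169 && o[1] == 254))
}

// Same output format as the City synth above; returns null instead of failing.
def citySynth = { String ip ->
    if (!isPublicIpv4(ip)) return null      // "-", hostnames, internal addresses
    def loc = geoipLookup.getLocation(ip)
    if (loc?.city == null) return null      // no match, or a match without a city
    return "'city':'" + loc.city + "'," +
           "'lat':'" + loc.latitude + "'," +
           "'long':'" + loc.longitude + "'"
}

assert citySynth('203.0.113.7') ==
        "'city':'Beijing','lat':'39.928894','long':'116.3883'"
assert citySynth('10.1.2.3') == null     // private range, never looked up
assert citySynth('192.0.2.55') == null   // valid address, not in the stub data
assert citySynth('999.1.1.1') == null    // octet out of range
assert citySynth('-') == null            // placeholder value from a log line
```

In a synth only the checks and the lookup are needed, with the field name (clientIp or IpAddress above) in place of ip.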
_tag.equals(www) country.count() chart(map)
To include city-level bubbles you would use the following search:
_tag.equals(www) country.count() city.count() chart(map)
If your data type fields are not labelled country and city respectively, you can alias them at search time. If my country data was stored in the field nation, my search would look like this:
_tag.equals(www) nation.count(,country) chart(map)
The second parameter country to the count analytic is an alias for the field nation.