ipLocation( ) Query Function

Determine country, city, and long/latitude for an IP address (ipv4 or ipv6). The attributes ip.country, ip.city, ip.lon, ip.lat are added to the event.

Humio includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com — by default the database is automatically updated if the cluster is running with a valid Humio license. See documentation on MaxMind for more information.

In order to use your own MaxMind database, place it in the Humio data directory as IpLocationDb.mmdb and run Humio with environment variable AUTO_UPDATE_IP_LOCATION_DB set to false. You must use a database that includes city information, e.g. GeoLite2 City.

Parameters

Name Type Required Default Description
field string No ip The field from which to get the IP address
as string No Name the prefix to add to fields added by the ipLocation function. Defaults to ‘.’ (the name of the field from which to get the IP address).

field is the unnamed parameter.

Examples

Based on the field ip, the attributes ip.country, ip.city, ip.lon and ip.lat are added to the event.

ipLocation()

Based on the field address, the attributes address.country, address.city, address.lon and address.lat are added to the event.

ipLocation(field=address)

Based on the field ip, the attributes address.country, address.city, address.lon and address.lat are added to the event.

ipLocation(as=address)