GeoIP Transform

The Vector geoip transform accepts log events and allows you to enrich events with geolocation data from the MaxMind GeoIP2 and GeoLite2 city databases.

Configuration

vector.toml
[transforms.my_transform_id]
# REQUIRED
type = "geoip" # must be: "geoip"
inputs = ["my-source-id"] # example
database = "/path/to/GeoLite2-City.mmdb" # example
source = "ip_address" # example
# OPTIONAL
target = "geoip" # default

Options

common, string, required

database

Path to the MaxMind GeoIP2 or GeoLite2 binary city database file (GeoLite2-City.mmdb). Other databases, such as the country database, are not supported.

No default
common, string, required

source

The field name that contains the IP address. This field should contain a valid IPv4 or IPv6 address.

No default
common, string, required

target

The default field to insert the resulting GeoIP data into. See output for more info.

Default: "geoip"

Output

The geoip transform accepts log events and allows you to enrich events with geolocation data from the MaxMind GeoIP2 and GeoLite2 city databases. For example:

{
  "geoip": {
    "city_name": "New York",
    "continent_code": [
      "AF",
      "Africa"
    ],
    "country_code": "US",
    "latitude": "51.75",
    "longitude": "-1.25",
    "postal_code": "07094",
    "timezone": "America/New_York"
  }
}

More detail on the output schema is below.

struct, optional

geoip

The root field containing all geolocation data as sub-fields.

string, required

city_name

The city name associated with the IP address.

No default
string, enum, required

continent_code

The continent code associated with the IP address.

No default
Enum, must be one of: "AF" "AN" "AS" "EU" "NA" "OC" "SA"
string, required

country_code

The ISO 3166-2 country codes associated with the IP address.

No default
string, required

latitude

The latitude associated with the IP address.

No default
string, required

longitude

The longitude associated with the IP address.

No default
string, required

postal_code

The postal code associated with the IP address.

No default
string, required

timezone

The timezone associated with the IP address in IANA time zone format. A full list of time zones can be found here.

No default
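
Added example (not part of the Vector documentation): one way a downstream consumer might use the enriched fields for detection, flagging "impossible travel" between consecutive events for the same user. The `user` and `timestamp` fields, the 900 km/h threshold and the sample events are assumptions constructed for illustration; only the `geoip` sub-fields come from the schema above.

```python
import math
from datetime import datetime

# Constructed sample events shaped like the documented output (latitude and
# longitude arrive as strings). "user" and "timestamp" are assumed field names.
EVENTS = [
    {"user": "alice", "timestamp": "2024-05-01T08:00:00+00:00",
     "geoip": {"country_code": "US", "latitude": "40.71", "longitude": "-74.00"}},
    {"user": "alice", "timestamp": "2024-05-01T09:00:00+00:00",
     "geoip": {"country_code": "GB", "latitude": "51.75", "longitude": "-1.25"}},
    {"user": "bob", "timestamp": "2024-05-01T08:00:00+00:00",
     "geoip": {"country_code": "US", "latitude": "40.71", "longitude": "-74.00"}},
    {"user": "bob", "timestamp": "2024-05-01T20:00:00+00:00",
     "geoip": {"country_code": "US", "latitude": "34.05", "longitude": "-118.24"}},
    {"user": "carol", "timestamp": "2024-05-01T08:00:00+00:00", "geoip": {}},  # lookup miss
]

def coords(event, target="geoip"):
    """Return (lat, lon) as floats, or None when enrichment is missing or malformed."""
    geo = event.get(target) or {}
    try:
        lat, lon = float(geo["latitude"]), float(geo["longitude"])
    except (KeyError, TypeError, ValueError):
        return None
    return (lat, lon) if -90 <= lat <= 90 and -180 <= lon <= 180 else None

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def impossible_travel(events, max_kmh=900.0):
    """Flag consecutive events per user whose implied speed exceeds max_kmh."""
    last, alerts = {}, []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["timestamp"])):
        point = coords(ev)
        if point is None:
            continue  # never compare against events that were not enriched
        when = datetime.fromisoformat(ev["timestamp"])
        if ev["user"] in last:
            prev_point, prev_when = last[ev["user"]]
            hours = (when - prev_when).total_seconds() / 3600
            km = haversine_km(prev_point, point)
            if km > 0 and (hours <= 0 or km / hours > max_kmh):
                alerts.append((ev["user"], round(km)))
        last[ev["user"]] = (point, when)
    return alerts
```

Events whose lookup returned nothing are skipped rather than treated as a location change, so a missing database entry does not raise an alert.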

How It Works

Environment Variables

Environment variables are supported through all of Vector's configuration. Simply add ${MY_ENV_VAR} in your Vector configuration file and the variable will be replaced before being evaluated.

You can learn more in the Environment Variables section.