GeoIP Transform

The Vector geoip transform accepts and outputs log events, allowing you to enrich events with geolocation data from the MaxMind GeoIP2 and GeoLite2 city databases.

Configuration

vector.toml
[transforms.my_transform_id]
# REQUIRED
type = "geoip" # must be: "geoip"
inputs = ["my-source-id"] # example
database = "/path/to/GeoLite2-City.mmdb" # example
source = "ip_address" # example
# OPTIONAL
target = "geoip" # default

Options

string, common, required

database

Path to the MaxMind GeoIP2 or GeoLite2 binary city database file (GeoLite2-City.mmdb). Other databases, such as the country database, are not supported.

No default
string, common, required

source

The field name that contains the IP address. This field should contain a valid IPv4 or IPv6 address.

No default
string, common, required

target

The default field to insert the resulting GeoIP data into. See output for more info.

Default: "geoip"

Output

The geoip transform accepts and outputs log events, allowing you to enrich events with geolocation data from the MaxMind GeoIP2 and GeoLite2 city databases. For example:

{
  "geoip": {
    "city_name": "New York",
    "continent_code": "AF",
    "country_code": "US",
    "latitude": "51.75",
    "longitude": "-1.25",
    "postal_code": "07094",
    "timezone": "America/New_York"
  }
}

More detail on the output schema is below.

struct, optional

geoip

The root field containing all geolocation data as sub-fields.

string, common, required

city_name

The city name associated with the IP address.

No default
string, enum, common, required

continent_code

The continent code associated with the IP address.

No default
Enum, must be one of: "AF" "AN" "AS" "EU" "NA" "OC" "SA"
string, common, required

country_code

The ISO 3166-2 country codes associated with the IP address.

No default
string, common, required

latitude

The latitude associated with the IP address.

No default
string, common, required

longitude

The longitude associated with the IP address.

No default
string, common, required

postal_code

The postal code associated with the IP address.

No default
string, common, required

timezone

The timezone associated with the IP address in IANA time zone format. A full list of time zones can be found here.

No default
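
The following is an added example, not code from Vector or from this page: a Python check a downstream consumer could run on enriched events before geolocation is used in detection rules. The function names check_source_ip and validate_geoip are hypothetical; the sample event is the one shown under Output, and non-global addresses (private, loopback, reserved) are flagged separately because a city lookup is not meaningful for them.

```python
import ipaddress

# Enum values listed for continent_code in the output schema above.
CONTINENTS = {"AF", "AN", "AS", "EU", "NA", "OC", "SA"}
# Sub-fields documented under the target field; all are strings.
FIELDS = ("city_name", "continent_code", "country_code", "latitude",
          "longitude", "postal_code", "timezone")


def check_source_ip(value):
    """Classify the `source` field value: 'invalid', 'non-global' or 'global'."""
    try:
        ip = ipaddress.ip_address(str(value).strip())
    except ValueError:
        return "invalid"
    return "global" if ip.is_global else "non-global"


def _coord_ok(value, limit):
    # Coordinates arrive as strings; they must parse and lie within +/- limit.
    try:
        return abs(float(value)) <= limit
    except (TypeError, ValueError):
        return False


def validate_geoip(event, target="geoip"):
    """Return a list of problems found in the enrichment under `target`."""
    geo = event.get(target)
    if not isinstance(geo, dict):
        return [f"{target}: missing or not an object"]
    problems = [f"{target}.{k}: not a string" for k in FIELDS
                if not isinstance(geo.get(k), str)]
    if geo.get("continent_code") not in CONTINENTS:
        problems.append(f"{target}.continent_code: not in enum")
    if not _coord_ok(geo.get("latitude"), 90):
        problems.append(f"{target}.latitude: out of range")
    if not _coord_ok(geo.get("longitude"), 180):
        problems.append(f"{target}.longitude: out of range")
    return problems


# Sample event copied from the Output section of this page.
SAMPLE = {"geoip": {"city_name": "New York", "continent_code": "AF",
                    "country_code": "US", "latitude": "51.75",
                    "longitude": "-1.25", "postal_code": "07094",
                    "timezone": "America/New_York"}}

if __name__ == "__main__":
    print(check_source_ip("10.0.0.1"), validate_geoip(SAMPLE))
```

Pass the value configured for target as the second argument when it differs from the default "geoip".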

How It Works

Environment Variables

Environment variables are supported throughout Vector's configuration. Add ${MY_ENV_VAR} to your Vector configuration file and the variable will be replaced before the configuration is evaluated.

You can learn more in the Environment Variables section.