GeoIP Transform

The Vector geoip transform enriches logs from MaxMind GeoIP2 and GeoLite2 city databases.

Requirements

MaxMind GeoIP2 and GeoLite2 city databases >= 2 is required.

Configuration

Common
Advanced

vector.toml
vector.yaml
vector.json

[transforms.my_transform_id]
  type = "geoip" # required
  inputs = ["my-source-or-transform-id"] # required
  database = "/path/to/GeoLite2-City.mmdb" # required
  source = "ip_address" # required
  target = "geoip" # optional, default

commonrequiredstring
database
Path to the MaxMind GeoIP2 or GeoLite2 binary city database file (GeoLite2-City.mmdb). Other databases, such as the the country database are not supported.
- View examples
commonrequiredstring
source
The field name that contains the IP address. This field should contain a valid IPv4 or IPv6 address.
- View examples
commonoptionalstring
target
The default field to insert the resulting GeoIP data into. See output for more info.
- Default: "geoip"
- View examples

Output

This component outputs log events with the following fields:

{
  "geoip" : {
    "city_name" : "New York",
    "continent_code" : "AF",
    "country_code" : "US",
    "latitude" : "51.75",
    "longitude" : "-1.25",
    "postal_code" : "07094",
    "timezone" : "America/New_York"
  }
}

commonrequiredtable
geoip
The root field containing all geolocation data as sub-fields.
- commonrequiredstring
  city_name
  The city name associated with the IP address.
  - View examples
- enumcommonrequiredstring
  continent_code
  The continent code associated with the IP address.
  - Enum, must be one of: "AF" "AN" "AS" "EU" "NA" "OC" "SA"
  - View examples
- commonrequiredstring
  country_code
  The ISO 3166-2 country codes associated with the IP address.
  - View examples
- commonrequiredstring
  latitude
  The latitude associated with the IP address.
  - View examples
- commonrequiredstring
  longitude
  The longitude associated with the IP address.
  - View examples
- commonrequiredstring
  postal_code
  The postal code associated with the IP address.
  - View examples
- commonrequiredstring
  timezone
  The timezone associated with the IP address in IANA time zone format. A full list of time zones can be found here.
  - View examples

Telemetry

This component provides the following metrics that can be retrieved through the internal_metrics source. See the metrics section in the monitoring page for more info.

counter
processed_events_total
The total number of events processed by this component. This metric includes the following tags:
- component_kind - The Vector component kind.
- component_name - The Vector component ID.
- component_type - The Vector component type.
- file - The file that produced the error
- instance - The Vector instance identified by host and port.
- job - The name of the job producing Vector metrics.
counter
processed_bytes_total
The total number of bytes processed by the component. This metric includes the following tags:
- component_kind - The Vector component kind.
- component_name - The Vector component ID.
- component_type - The Vector component type.
- instance - The Vector instance identified by host and port.
- job - The name of the job producing Vector metrics.

#Requirements

#Configuration

#database

#source

#target

#Output

#geoip

#city_name

#continent_code

#country_code

#latitude

#longitude

#postal_code

#timezone

#Telemetry

#processed_events_total

#processed_bytes_total

#How It Works

Requirements

Configuration

database

source

target

Output

geoip

city_name

continent_code

country_code

latitude

longitude

postal_code

timezone

Telemetry

processed_events_total

processed_bytes_total

How It Works