Overview

The geoIP parser takes an IP address attribute and extracts continent, country, subdivision, or city information (if available) in the target attribute path.

Most elements contain a name and iso_code (or code for continent) attribute. subdivision is the first level of subdivision that the country uses such as “States” for the United States or “Departments” for France.

For example, the geoIP parser extracts location from the network.client.ip attribute and stores it into the network.client.geoip attribute:

Use cases

The most common use case is detecting the location of a specific user. For example, the GeoIP Parser is used for iOS logs to provide the location of the user identified in the logs.

Before and after state of logs

{
  "network": {
    "client": {
      "ip": "203.0.113.42"
    }
  },
  "http": {
    "method": "GET",
    "url": "/checkout",
    "status_code": 200
  }
}

{
  "network": {
    "client": {
      "ip": "203.0.113.42",
      "geoip": {
        "country": {
          "iso_code": "US",
          "name": "United States"
        },
        "city": {
          "name": "New York"
        },
        "location": {
          "lat": 40.7128,
          "lon": -74.0060
        }
      }
    }
  },
  "http": {
    "method": "GET",
    "url": "/checkout",
    "status_code": 200
  }
}

API

Use the Datadog Log Pipeline API endpoint with the following geoIP parser JSON payload:

{
  "type": "geo-ip-parser",
  "name": "Parse the geolocation elements from network.client.ip attribute.",
  "is_enabled": true,
  "sources": ["network.client.ip"],
  "target": "network.client.geoip"
}

Further reading

Additional helpful documentation, links, and articles:

Discover Datadog PipelinesDOCUMENTATION