--- title: GeoIP Parser description: >- Extract continent, country, subdivision, or city information from an IP address breadcrumbs: Docs > Log Management > Log Configuration > Processors > GeoIP Parser --- # GeoIP Parser ## Overview{% #overview %} The geoIP parser takes an IP address attribute and extracts continent, country, subdivision, or city information (if available) in the target attribute path. {% image source="https://docs.dd-static.net/images/logs/log_configuration/processor/geoip_processor.ee9ab4000a95fc2f22ada17a8b4ecf63.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/logs/log_configuration/processor/geoip_processor.ee9ab4000a95fc2f22ada17a8b4ecf63.png?auto=format&fit=max&w=850&dpr=2 2x" alt="GeoIP Processor" /%} Most elements contain a `name` and `iso_code` (or `code` for continent) attribute. `subdivision` is the first level of subdivision that the country uses such as "States" for the United States or "Departments" for France. For example, the geoIP parser extracts location from the `network.client.ip` attribute and stores it into the `network.client.geoip` attribute: {% image source="https://docs.dd-static.net/images/logs/log_configuration/processor/geoip_example_blurred.34a8188d395cd82d0968d935fb99c041.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/logs/log_configuration/processor/geoip_example_blurred.34a8188d395cd82d0968d935fb99c041.png?auto=format&fit=max&w=850&dpr=2 2x" alt="GeoIP example" /%} ## Use cases{% #use-cases %} The most common use case is detecting the location of a specific user. For example, the GeoIP Parser is used for iOS logs to provide the location of the user identified in the logs. ## Before and after state of logs{% #before-and-after-state-of-logs %} {% collapsible-section %} #### Example: Enriching logs with GeoIP information **Before:** ```json { "network": { "client": { "ip": "203.0.113.42" } }, "http": { "method": "GET", "url": "/checkout", "status_code": 200 } } ``` **GeoIP Parser** Create a GeoIP Parser with source attribute `network.client.ip` and a target root attribute: `network.client.geoip`. **After processing:** ```json { "network": { "client": { "ip": "203.0.113.42", "geoip": { "country": { "iso_code": "US", "name": "United States" }, "city": { "name": "New York" }, "location": { "lat": 40.7128, "lon": -74.0060 } } } }, "http": { "method": "GET", "url": "/checkout", "status_code": 200 } } ``` {% /collapsible-section %} ## API{% #api %} Use the [Datadog Log Pipeline API endpoint](https://docs.datadoghq.com/api/v1/logs-pipelines.md) with the following geoIP parser JSON payload: ```json { "type": "geo-ip-parser", "name": "Parse the geolocation elements from network.client.ip attribute.", "is_enabled": true, "sources": ["network.client.ip"], "target": "network.client.geoip" } ``` | Parameter | Type | Required | Description | | ------------ | ---------------- | -------- | ------------------------------------------------------------------------------------------------------------------------- | | `type` | String | Yes | Type of the processor. | | `name` | String | No | Name of the processor. | | `is_enabled` | Boolean | No | If the processor is enabled or not. Default: `false`. | | `sources` | Array of strings | No | Array of source attributes. Default: `network.client.ip`. | | `target` | String | Yes | Name of the parent attribute that contains all the extracted details from the `sources`. Default: `network.client.geoip`. | ## Further reading{% #further-reading %} - [Discover Datadog Pipelines](https://docs.datadoghq.com/logs/log_configuration/pipelines.md)