Geo

Top Level Fieldset: False

Geo fields contain information about the location related to an event, which can be derived from the log source or IP enrichment.

Fields from geo can only be found at the following locations:

  • source.geo
  • destination.geo

Geo Fields

geo.city_name

Required Field: False
Type: STRING
Example: San Francisco
Detection Supported Field: True

Name of the city.


geo.continent_code

Required Field: False
Type: STRING
Example: NA
Detection Supported Field: True

Two-letter code representing the continent's name.

Allowed Values

Name    Description
AF      Africa
AN      Antarctica
AS      Asia
EU      Europe
NA      North America
OC      Oceania
SA      South America

geo.continent_name

Required Field: False
Type: STRING
Example: North America
Detection Supported Field: True

Name of the continent.

Allowed Values

Name             Description
Africa           Africa
Antarctica       Antarctica
Asia             Asia
Europe           Europe
North America    North America
Oceania          Oceania
South America    South America

geo.country_iso_code

Required Field: False
Type: STRING
Example: US
Detection Supported Field: True

ISO code of the country.


geo.country_name

Required Field: False
Type: STRING
Example: United States of America
Detection Supported Field: True

Name of the country.


geo.location

Required Field: False
Type: LAT_LON
Example: {'lon': -73.61483, 'lat': 45.505918}
Detection Supported Field: False

Longitude and latitude.


geo.name

Required Field: False
Type: STRING
Example: sf-office
Detection Supported Field: True

Description of the specific location, such as an office name or floor number.


geo.postal_code

Required Field: False
Type: STRING
Example: 94016
Detection Supported Field: True

Postal code or ZIP code associated with the location. This value will vary depending on the country.


geo.region_iso_code

Required Field: False
Type: STRING
Example: US-CA
Detection Supported Field: True

ISO code of the region or state.


geo.region_name

Required Field: False
Type: STRING
Example: California
Detection Supported Field: True

Name of the region or state.


geo.timezone

Required Field: False
Type: STRING
Example: America/Los_Angeles
Detection Supported Field: True

IANA timezone name of the location.
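
The following is an added example, not code from the schema's vendor: a pre-ingestion check that applies the rules on this page (geo only under source or destination, STRING types, allowed continent values) to a constructed event. The function names are hypothetical, and two checks are assumptions not stated on the page: the standard latitude/longitude bounds, and that continent_code and continent_name should agree when both are set.

```python
# Added example; helper names are illustrative, not part of the schema.
CONTINENTS = {"AF": "Africa", "AN": "Antarctica", "AS": "Asia", "EU": "Europe",
              "NA": "North America", "OC": "Oceania", "SA": "South America"}
STRING_FIELDS = {"city_name", "continent_code", "continent_name",
                 "country_iso_code", "country_name", "name", "postal_code",
                 "region_iso_code", "region_name", "timezone"}
GEO_PARENTS = ("source", "destination")  # only locations where geo may appear

def _valid_location(value):
    """LAT_LON: a dict with numeric lat in -90..90 and lon in -180..180."""
    lat, lon = (value.get("lat"), value.get("lon")) if isinstance(value, dict) else (None, None)
    if any(isinstance(v, bool) or not isinstance(v, (int, float)) for v in (lat, lon)):
        return False
    return -90 <= lat <= 90 and -180 <= lon <= 180

def validate_geo(geo):
    """Return the list of problems found in one geo object."""
    problems = []
    for key, value in geo.items():
        if key == "location":
            if not _valid_location(value):
                problems.append("location: expected LAT_LON")
        elif key not in STRING_FIELDS:
            problems.append(f"{key}: not a geo field")
        elif not isinstance(value, str):
            problems.append(f"{key}: expected STRING")
    code, name = geo.get("continent_code"), geo.get("continent_name")
    if isinstance(code, str) and code not in CONTINENTS:
        problems.append(f"continent_code: {code} not allowed")
    if isinstance(name, str) and name not in CONTINENTS.values():
        problems.append(f"continent_name: {name} not allowed")
    # Assumption: when both are set and valid, code and name should agree.
    if isinstance(code, str) and name in CONTINENTS.values() and CONTINENTS.get(code, name) != name:
        problems.append("continent_code and continent_name disagree")
    return problems

def validate_event(event):
    """Map every '<parent>.geo' path in the event to its problems."""
    report = {}
    for parent, body in event.items():
        if isinstance(body, dict) and isinstance(body.get("geo"), dict):
            report[f"{parent}.geo"] = (validate_geo(body["geo"]) if parent in GEO_PARENTS
                                       else ["geo not allowed at this location"])
    return report

EVENT = {  # constructed sample, not real telemetry
    "source": {"geo": {"continent_code": "NA", "continent_name": "Europe"}},
    "destination": {"geo": {"continent_code": "XX", "postal_code": 94016}},
    "host": {"geo": {"city_name": "San Francisco"}}}
```

Calling validate_event(EVENT) returns one entry per geo object found, so a mismatched enrichment result or a numeric postal code is caught before a detection rule silently fails to match on it.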