Geo IP location for all logs in Log Explorer

Question

Good Day,Is there a way to turn on Geo IP location for the logs that have Source IP data in them?  So for example I can see the Caller IP in the following log but no country code or GEO location and we want to add this.  Is there way to do this without using Chronicle or anything like that?"requestMetadata": {"callerIp": "174.95.10.102","callerSuppliedUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36,gzip(gfe),gzip(gfe)","requestAttributes": {"time": "2023-09-09T13:35:56.357323112Z","auth": {}},

reincoder · Accepted Answer

If you can bring your logs to BigQuery, you can use IPinfo's IP to Country ASN data from Analytics Hub to run the queries against the log. The database is updated daily and is free to use.

https://console.cloud.google.com/bigquery/analytics-hub/exchanges/projects/318570798575/locations/us/dataExchanges/ipinfo_free_ip_to_country_and_asn_database_18830e0f2d0/listings/ipinfo_free_ip_to_country_and_asn_database_188435394e9

Example code:

SELECT

  logs.IP, -- IP columns from the table

  country_asn.* -- Result from country_asn table lookup

FROM

  `analyticshub_free_country_asn.log_data` AS logs

JOIN

  `analyticshub_free_country_asn.country_asn` AS country_asn

ON

  NET.IP_FROM_STRING(logs.IP) BETWEEN NET.IP_FROM_STRING(country_asn.start_ip)

  AND NET.IP_FROM_STRING(country_asn.end_ip);

Here is what the output will look like:

Thanks.

So outside of big query there is no way to do this in something like Log Explorer? I am guessing not but figured I would ask.

Thx

reincoder · Answer

Thanks.So outside of big query there is no way to do this in something like Log Explorer?  I am guessing not but figured I would ask.ThxNot to my knowledge. I believe Log Explorer does not have any support for log data enrichment.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded