iplocation

Definition

iplocation command uses third party databases to extract location information from an IP address. The command supports IPv4 and IPv6 addresses but also subnets that use CIDR notation.

You can use following optional arguments with iplocation:

Examples

By default, iplocation shows following columns:

  • country

  • lat (shortened from latitude)

  • lon (shortened from longitude)

  • region

  • city

The data shown in columns generated by iplocation is based on the given ip address.

%dpl
| makeresults count=1
| eval ip="91.158.24.3"
| iplocation ip
example of iplocation

Configuring the Geolocation Database

To configure which geolocation database is used in iplocation, use spark.conf interpreter.

%spark.conf
dpl.pth_10.transform.iplocation.db.path=/tmp/GeoLite2-City.mmdb

allfields

Use allfields argument to show more columns provided by the geolocation database.By default, allfields is set to false.

%dpl
| makeresults count=1
| eval ip="91.158.24.3"
| iplocation allfields=true ip
example of iplocation allfields

lang

You can change in which language iplocation information is shown by using lang argument.The language availability depends on which geolocation database is used.

%dpl
| makeresults count=1
| eval ip="91.158.24.3"
| iplocation lang=ja ip
example of iplocation lang

prefix

Use prefix argument to add a prefix to column titles generated by iplocation.

%dpl
| makeresults count=1
| eval ip="91.158.24.3"
| iplocation prefix=ip_ ip
example of iplocation prefix