IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

› ›

Geo Fields

edit

Geo Fields

edit

Geo fields can carry data about a specific location related to an event.

This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.

Geo Field Details

edit

Field	Description	Level
geo.city_name	City name. type: keyword example: `Montreal`	core
geo.continent_code	Two-letter code representing continent’s name. type: keyword example: `NA`	core
geo.continent_name	Name of the continent. type: keyword example: `North America`	core
geo.country_iso_code	Country ISO code. type: keyword example: `CA`	core
geo.country_name	Country name. type: keyword example: `Canada`	core
geo.location	Longitude and latitude. type: geo_point example: `{ "lon": -73.614830, "lat": 45.505918 }`	core
geo.name	User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. type: keyword example: `boston-dc`	extended
geo.postal_code	Postal code associated with the location. Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. type: keyword example: `94040`	core
geo.region_iso_code	Region ISO code. type: keyword example: `CA-QC`	core
geo.region_name	Region name. type: keyword example: `Quebec`	core
geo.timezone	The time zone of the location, such as IANA time zone name. type: keyword example: `America/Argentina/Buenos_Aires`	core

Field Reuse

edit

The geo fields are expected to be nested at:

client.geo
destination.geo
host.geo
observer.geo
server.geo
source.geo
threat.enrichments.indicator.geo
threat.indicator.geo

Note also that the geo fields are not expected to be used directly at the root of the events.

« File Fields Group Fields »