Using geoip at drilldown

Question

Hi,at https://servicedesk.logpoint.com/hc/en-us/community/posts/360008777778-How-To-video-Using-GeoIP-with-LogPoint Kalyan Bhetwal provided the following query:norm_id=*  destination_address=* -destination_address in HOMENET  | chart count() by destination_address, country order by count() desc limit 10 | process geoip(destination_address) as country To my comment “With the ‘new’ query it's not possible to make a drill down.” he wrote:We will have a new feature in upcoming version of logpoint where the geoip used after chart count() will also be present in drilldown. This will solve the drilldown problem. What about the new feature? At the moment, it’s still not possible to make a drill down.I use Logpiont 6.12.1.Best regards,Hans Vedder

Rupsan Shrestha · Answer

Hello Hans,This feature is still in the pipeline asthere seems to be a simple workaround for this use case. We can apply a static enrichment on the incoming logs by using “GeoIp_source_address”enrichment source.However, this may not work for mapping the destination address traffic as the enrichment source matches the “source_address” not the “destination_address”We cannot drill down right now as the logs are enriched only at the time of the search lookup when process command is used. This information will not persist in the actual logs if static enrichment is not configured.We will update regarding this usecase once this feature is available through dynamic enrichment.

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded