Geolocation Sub-Fields¶
- Geo fields have data referencing location of event/host/ip
- Geo fields apply to source, destination, and host entities
| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| …_geo_city | Hamburg, Houston | keyword | City Name |
| …_geo_continent | America | keyword | Continent Name |
| …_geo_country_iso | US, DE, CA | keyword | Country ISO Alpha-2 code |
| …_geo_country | USA, Canada | keyword | Country Name |
| …_geo_coordinates | 34.1186,-118.3004 | keyword | Latitude, Longitude Coordinate |
| …_geo_name | Hamburg, DE | keyword | Location Name, can be derived by combining other values |
| …_geo_state | Hamburg | keyword | State name |