Setting Up the Geographical Database

You can use the geoiplookup() function in LogLogic LMI to search for logs that originated from a particular geographical area, such as a location, country, city, or postal code. You can use the function within SQL and EQL queries, in Advanced Search, and in a Geomap widget on the Advanced Dashboards.

The Geomap widget gives you a unified view of your data visualization and its geographical distribution. For example, you can plot VPN connection logs and the IP addresses from which they originate. The widget displays the IP addresses as points or a bubble chart on the geographical map.

To use the geoiplookup() function to fetch the geographical information of a specified IP address, an administrator must download the appropriate MaxMind database file (.mmdb) to the /loglogic/data/geoIP directory on the appliance.

Note: When you obtain third-party software or services, it is your responsibility to ensure you understand the license terms associated with such third-party software or services and comply with such terms.

Important Considerations

  • The function can use only one MaxMind database file (.mmdb file) at a time. Therefore, ensure that the /loglogic/data/geoIP directory includes only one file.
  • In a Management Station setup, you must copy the .mmdb file to each Remote Appliance.
  • In a High Availability environment, the .mmdb file on the active appliance is automatically replicated on the standby appliance.

Note: If you replace the .mmdb file, you do not need to restart the appliance.
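
A pre-flight check for the considerations above, as an added example that is not part of the TIBCO documentation: it confirms that the directory holds exactly one file, that the file has the .mmdb extension, and that it carries the MaxMind DB metadata marker. The function name check_geoip_dir and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the geoiplookup() database directory.
# Return codes (chosen for this example, not defined by the product):
#   0 ok, 1 directory missing, 2 not exactly one file,
#   3 file is not *.mmdb, 4 MaxMind metadata marker not found.

GEOIP_DIR_DEFAULT=/loglogic/data/geoIP   # path given on this page

check_geoip_dir() {
    dir=${1:-$GEOIP_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }

    # Count every regular file, hidden ones included: a leftover copy of an
    # older database is exactly what the one-file rule is meant to exclude.
    count=$(find "$dir" -maxdepth 1 -type f | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo "$dir holds $count files, expected exactly 1:" >&2
        find "$dir" -maxdepth 1 -type f >&2
        return 2
    fi

    file=$(find "$dir" -maxdepth 1 -type f)
    case $file in
        *.mmdb) ;;
        *) echo "not an .mmdb file: $file" >&2; return 3 ;;
    esac

    # MaxMind DB files end with a metadata section introduced by the bytes
    # 0xAB 0xCD 0xEF followed by "MaxMind.com", within the last 128 KiB.
    # A truncated download or a file of another type will not have it.
    marker=$(printf '\253\315\357MaxMind.com')
    if ! tail -c 131072 "$file" | LC_ALL=C grep -a -F -q "$marker"; then
        echo "no MaxMind metadata marker in $file" >&2
        return 4
    fi
    echo "ok: $file"
}
```

Source the file and call check_geoip_dir with no argument on each appliance after copying the database; in a Management Station setup that means every Remote Appliance.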

Related Topics

For more information, see the following topics in the TIBCO LogLogic® Log Management Intelligence User Guide: