After applying Enrichment, a log displays additional information not collected initially during log collection. For example, we have a device with an IP Address of 129.256.3.192 that user Bob uses. Logs collected from that device may not contain all the details about Bob, like his department, location, and phone number. But we do have all this additional information in a .csv file. If the IP Address in a log matches the IP of Bob’s device, we insert additional information from the .csv file to the log.
The below screenshot shows the difference between unenriched and enriched logs.
Unenriched Log Sample¶
Enriched Log Sample¶