You can use the GEOIP process command to add geographical data for an IP address to logs without having to configure an enrichment source and enrichment policy.
Syntax:
| process geoip (fieldname)
Example Query:
| process geoip (source_address)
The above query enriches logs with country_name, region_name, city_name, postal_code, longitude, latitude, and timezone values associated with the source_address field.
The following screenshot shows an enriched public IP log.
GEOIP Process Command for public IP
The following screenshot shows an enriched private IP log.
GEOIP Process Command for private IP