You can use GEOIP process command to add geographical data of IP Address in logs without Adding Enrichment Source and Adding Enrichment Policy.
Syntax:
| process geoip (fieldname)
Example Query:
| process geoip (source_address)
The above query enriches logs with country_name, region_name, city_name, postal_code, longitude, latitude, and timezone values associated with the source_address field.
The example below shows an enriched public IP log.
GEOIP Process Command for public IP¶
The example below shows an enriched private IP log.
GEOIP Process Command for private IP¶