Adding GeoIP Lookup

App Function

This app is a supplemental app. It is not stand-alone; it is intended to run after other user-specified apps run. Prior apps will set the SrcIP and DstIP user tags based on their own functioning. Then this app will use geoip lookup for both SrcIP and DstIP and set additional tags with that information.

Incoming Log Format

This app does not process logs. It processes SrcIP and DstIP user tags that are set by other installed apps.

User Tags

Tagged	Field Name	Example	Description
☑	`SrcIP City`	`Atlanta`	the city for the IP in `SrcIP`
☑	`SrcIP State`	`Georgia`	the state or province for the IP in `SrcIP`
☑	`SrcIP Country`	`United States`	the country for the IP in `SrcIP`
☑	`DstIP City`	`Toronto`	the city for the IP in `DstIP`
☑	`DstIP State`	`Ontario`	the state or province for the IP in `DstIP`
☑	`DstIP Country`	`Canada`	the country for the IP in `DstIP`

Note that in some cases the geoip lookup is not able to determine specific location information, in which case usually the country is available but the city and state may not be. The city, state, and if applicable country fields will be set to Unknown for these cases.

HC Tags

HC_TAGS={
     "SrcIP City",
     "DstIP City"
 }