IP to Geo conversion can be done at the Agent or via the UI. More on IP to Geolocation, see here.
The default Cloud9Agent distribution does not bundle the MaxMind database. To enable it:
- Download MaxMind database from https://dev.maxmind.com/geoip/geolite2-free-geolocation-data.
- Unzip the file and place into the lib folder.
- Restart.
Example:
[
{
"entityName":"Location Data",
"dsName":"demoMongo",
"queryStr":"db.users.find()",
"c9QLFilter":"select ip_to_geo(ipAddress); select distinct * where latitude is not null and city is not null",
"frequencyType":"daily",
"frequency":1,
"startTime": "04:00",
"overrideVals":{
"replaceAll":true
}
}
]
The above example gets data from MongoDB and for the ipAddress field, executes ip_to_geo to obtain location information. The second statement further manipulates the data to filter out empty city and latitude data.