IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« File Fields Group Fields »
Elastic Docs Elastic Common Schema (ECS) Reference [1.8] ECS Field Reference

Geo Fields

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Geo Fields

edit

Geo fields can carry data about a specific location related to an event.

This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.

Geo Field Details

edit
Field Description Level

geo.city_name

City name.

type: keyword

example: Montreal

core

geo.continent_name

Name of the continent.

type: keyword

example: North America

core

geo.country_iso_code

Country ISO code.

type: keyword

example: CA

core

geo.country_name

Country name.

type: keyword

example: Canada

core

geo.location

Longitude and latitude.

type: geo_point

example: { "lon": -73.614830, "lat": 45.505918 }

core

geo.name

User-defined description of a location, at the level of granularity they care about.

Could be the name of their data centers, the floor number, if this describes a local physical entity, city names.

Not typically used in automated geolocation.

type: keyword

example: boston-dc

extended

geo.region_iso_code

Region ISO code.

type: keyword

example: CA-QC

core

geo.region_name

Region name.

type: keyword

example: Quebec

core

Field Reuse

edit

The geo fields are expected to be nested at: client.geo, destination.geo, host.geo, observer.geo, server.geo, source.geo.

Note also that the geo fields are not expected to be used directly at the root of the events.

« File Fields Group Fields »