geo_info_from_ip_address()

Applies to: ✅ Azure Data ExplorerAzure MonitorMicrosoft Sentinel

Retrieves geolocation information about IPv4 or IPv6 addresses.

Syntax

geo_info_from_ip_address(IpAddress )

Learn more about syntax conventions.

Parameters

Name Type Required Description
IpAddress string ✔️ IPv4 or IPv6 address to retrieve geolocation information about.

Returns

A dynamic object containing the information on IP address whereabouts (if the information is available). The object contains the following fields:

Name Type Description
country string Country name
state string State (subdivision) name
city string City name
latitude real Latitude coordinate
longitude real Longitude coordinate

Note

  • IP geolocation is inherently imprecise; locations are often near the center of the population. Any location provided by this function should not be used to identify a particular address or household.
  • This function uses GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
  • The function is also built on the MaxMind DB Reader library provided under ISC license.

Note

To further manipulate the resulting array, see dynamic object accessors.

Examples

print ip_location=geo_info_from_ip_address('20.53.203.50')

Output

ip_location
{"country": "Australia", "state": "New South Wales", "city": "Sydney", "latitude": -33.8715, "longitude": 151.2006}
print ip_location=geo_info_from_ip_address('2a03:2880:f12c:83:face:b00c::25de')

Output

ip_location
{"country": "United States", "state": "Florida", "city": "Boca Raton", "latitude": 26.3594, "longitude": -80.0771}