Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE]Add geoip function to PPL for IP address geolocation #3038

Open
YANG-DB opened this issue Sep 16, 2024 · 3 comments · May be fixed by #3085
Open

[FEATURE]Add geoip function to PPL for IP address geolocation #3038

YANG-DB opened this issue Sep 16, 2024 · 3 comments · May be fixed by #3085
Labels
enhancement New feature or request PPL Piped processing language

Comments

@YANG-DB
Copy link
Member

YANG-DB commented Sep 16, 2024
edited
Loading

Description:
We propose adding an geoip function to OpenSearch's Piped Processing Language (PPL) and SQL to provide built-in IP address geolocation capabilities.
This feature would be similar to functionality used in OpenSearch's geospatial feature, enhancing PPL's ability to enrich log data with geographical information based on IP addresses.

Proposed Functionality:

  1. The 'geoip' function should take an IP address as input and return geographical information.
  2. It should support both IPv4 and IPv6 addresses.
  3. The function should return multiple fields including country, region, city, latitude, longitude, and others as available.
  4. It should allow users to specify which geolocation fields to include in the output.
  5. The function should use a regularly updated IP geolocation database for accuracy.

Example Usage:

... | eval geolocation = geoip(ip_field)

This would add a new field 'geolocation' with all available location information for the IP address in 'ip_field'.

... | eval country = geoip(ip_field, "country")
... | eval lat = geoip(ip_field, "lat"), lon = geoip(ip_field, "lon")

This would add new fields with specific geolocation information.

... | eval location_info = geoip(ip_field, "country,region,city,lat,lon")

This would add a new field 'location_info' with multiple pieces of geolocation data.

Additional considerations

  • Allow for using the geospatial opensearch plugin for the ip to geo resolving

Related resources
@YANG-DB YANG-DB added enhancement New feature or request untriaged PPL Piped processing language labels Sep 16, 2024
@YANG-DB YANG-DB mentioned this issue Sep 16, 2024
Open
@dblock dblock removed the untriaged label Oct 7, 2024
@dblock
Copy link
Member

dblock commented Oct 7, 2024

[Catch All Triage - 1, 2, 3, 4]

@kenrickyap
Copy link

Am in the process of implementing this

@kenrickyap kenrickyap linked a pull request Oct 21, 2024 that will close this issue
Open
7 tasks
@kenrickyap
Copy link

kenrickyap commented Oct 24, 2024
edited
Loading

Hi @YANG-DB ,

What was the intended method of leveraging the geospatial plugin?

Following the example of the inclusion of the job-scheduler and ml-commons plugin, I have been trying to import it directly into the project but noticed that the published geospatial plugin on maven has no jar. As such it does not seem possible to directly import the plugin. Is this assumption correct?

If so then, my current plan is to call the endpoint that the geospatial plugin exposes in OpenSearch documented here and communicate with it using the OpenSearchRestClient. Would this be a good path forward? or am I missing something that would make it possible to expose the geospatial plugin?

Thanks!

@kenrickyap kenrickyap mentioned this issue Oct 29, 2024
Open
@YANG-DB YANG-DB changed the title [FEATURE]Add iplocation function to PPL for IP address geolocation [FEATURE]Add geoip function to PPL for IP address geolocation Nov 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request PPL Piped processing language
Projects
PPL Commands
Status: Todo
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[WIP] FEAT(#3038): iplocation command Bit-Quill/opensearch-project-sql
3 participants
@dblock @YANG-DB @kenrickyap