One of the files available for editing in the Services Config view > Files tab is GeoPrivate.ipl, the Geo IP parser.
The Geo IP parser is a fixed parser that takes IP addresses and converts them to geographical locations.
Note: (In Security Analytics 10.5.2 or later) The GeoMap feature from Google Earth that was used to display some geographical locations has been deprecated.
The geolocation metadata in GeoPrivate.ipl, are added for both ip.src and ip.dst. The parser uses two external data files, GeoCity.dat and GeoCountry.dat, which are both stored in the application directory. There are up to eight metadata for each IP address as listed in the table below.
|latdec.dst||Destination Decimal Latitude|
|latdec.src||Source Decimal Latitude|
|longdec.dst||Destination Decimal Longitude|
|longdec.src||Source Decimal Longitude|