This plugin is used to enrich the log information. Given the IP address, it adds the geographical location of the IP address. It finds the geographical information by performing a lookup against the GeoLite2 City database for valid IP addresses and populates fields with results. The GeoLite2 City database is a product of the Maxmind organization and is available under the CCA-ShareAlike 4.0 license. Logstash comes bundled with the GeoLite2 City database, so when performing a lookup, it doesn't need to perform any network call; this is why the lookup is fast.

The only required parameter for this plugin is source, which accepts an IP address in string format. This plugin creates a geoip field with geographical details such as country, postal code, region, city, and so on. A [geoip][location] field is created if the GeoIP lookup returns a latitude and longitude, and it is mapped to the geo_point type when indexing to Elasticsearch. geop_point fields can be used for Elasticsearch's geospatial query, facet, and filter functions, and can be used to generate Kibana's map visualization, as shown in the following screenshot: