Enriching Telemetry Events
Also available as:
PDF

Configure Geocoding

You can enrich your parser data by adding locations of any known external IP address. The IP address must exist in the geocoding data that you are loading into Hortonworks Cybersecurity Platform (HCP).

  1. From the list of sensors in the Management user interface main window, select your new sensor.
  2. Click the pencil icon in the toolbar.
    The Management UI displays the sensor panel for the sensor.
    Note
    Note
    Your sensor must be running and producing data before you can add geocoding information.
  3. In the Schema box, click (expand window).
    The Management UI displays a panel for the sensor.
  4. From INPUT FIELD, select the field to transform, enter the name of the new field in the NAME field, and then choose a function with the appropriate parameters in the TRANSFORMATIONS box.
  5. From the ENRICHMENTS field, choose geo.
  6. If you decide not to use the default values for the batchSize and batchTimeout properties, you can set their values.
    In the Advanced portion of the input panel, enter the property name (for example batchSize) and the value in the PARSER CONFIG fields.
  7. Click SAVE.
    If you change your mind and want to remove a transformation, click the "x" next to the field.
  8. You can also suppress fields with the transformation feature by clicking (suppress icon).
    This icon prevents the field from being displayed, but it does not remove the field entirely.
  9. Click SAVE.