IP-Based Geographic Distribution
In this scenario, security teams can monitor outbound connections to identify:
Unusual connection destinations
Data exfiltration patterns
Geographic distribution of network traffic
Sample input data. Here is example input data for this scenario:
{
  "@timestamp": "2025-09-23T10:15:22Z",
  "event_simpleName": "NetworkConnection",
  "source_hostname": "WKSTN-001",
  "destination_ip": "203.0.113.45",
  "port": 443,
  "success": true,
  "bytes_transferred": 1024
}
Query. To create a world map, use the following query:
#event_simpleName=NetworkConnection
| success=true
| worldMap(ip=destination_ip)
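The map shows where traffic goes, but not how much data each destination receives or how many hosts talk to it. The following companion query is an added example, not part of the original documentation. It tabulates the same events by destination country so that high-volume or rarely contacted destinations stand out. It assumes the field names from the sample event above; the output names (connections, total_bytes, hosts) and the limit of 20 are arbitrary choices.

```logscale
// Same filter as the world map query: successful outbound connections only
#event_simpleName=NetworkConnection
| success=true
// Enrich each event with geolocation fields derived from the destination IP
// (adds destination_ip.country, destination_ip.city, destination_ip.lat, destination_ip.lon)
| ipLocation(field=destination_ip)
// Per destination country: connection count, total bytes sent, distinct source hosts
| groupBy(destination_ip.country, function=[
    count(as=connections),
    sum(bytes_transferred, as=total_bytes),
    count(source_hostname, distinct=true, as=hosts)
  ])
// Largest byte volumes first; a high total_bytes with a low hosts count deserves review
| sort(total_bytes, order=desc, limit=20)
```

A country that receives a large total_bytes from only one or two hosts is a reasonable starting point for an exfiltration review, since normal business destinations tend to be shared across many workstations.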