
# Bring new insights to your IP analytics with a global administrative layer in Elastic Maps

We love maps at Elastic. In the Elastic Stack, there is one core component of all data we visualize using maps: Location. Location can mean reporting real-time positions of fleet vehicles, using a geofence for limiting search results, gauging application performance metrics from a geographic area, or identifying security threats by attaching geographic coordinates to IP addresses.

We recently added an administrative regions boundaries layer to Elastic Maps for fine-tuning your geospatial analytics. This layer includes boundaries for nearly 5,000 administrative subdivisions for hundreds of countries across the globe. Each boundary has an ISO 3166-2 region code that can be joined to `geo.region_iso_code` fields in indices that use the Elastic Common Schema. The administrative regions layer is available immediately in all versions of Kibana supporting Elastic Maps.

## Detailed geography for log analytics

We can use the administrative regions layer to observe where our website visitors are located. If you do not already have an Elasticsearch cluster, sign up for a free 14-day trial of Elastic Cloud. The example below uses Kibana 7.9.0, but you should be able to use any 7.x release.

First, we need some data to work with. I used the instructions in Kibana to add logs from NGINX for this demo, but you could also add other logs that contain IP addresses such as Apache or Traefik.

Once your log data is in Elasticsearch, open Elastic Maps in Kibana and add an Elastic Maps Service (EMS boundaries) layer using administrative regions as the source layer. In the layer properties, add a term join using region ISO code as the left field. Use `filebeat-*` and `source.geo.region_iso_code` as the right source and right field, respectively. Under Layer Style, set the fill color to By value and Count of `filebeat-*` as seen in the screenshot below.

This workflow is simplified in Kibana 7.9 by adding a choropleth layer instead of EMS boundaries.
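
To see what the term join described above computes, and which events never reach the map, here is an added Python sketch (not code from Elastic or Kibana). The boundary list, the `region_iso_code` boundary key, and the log events are constructed stand-ins; only `source.geo.region_iso_code` comes from the walkthrough.

```python
from collections import Counter

# Constructed stand-in for the EMS administrative regions layer (left source).
BOUNDARIES = [
    {"region_iso_code": "US-CA", "name": "California"},
    {"region_iso_code": "DE-BY", "name": "Bavaria"},
    {"region_iso_code": "FR-IDF", "name": "Île-de-France"},
]

# Constructed ECS-shaped log events standing in for filebeat-* (right source).
EVENTS = [
    {"source": {"ip": "203.0.113.10", "geo": {"region_iso_code": "US-CA"}}},
    {"source": {"ip": "203.0.113.11", "geo": {"region_iso_code": "US-CA"}}},
    {"source": {"ip": "198.51.100.7", "geo": {"region_iso_code": "DE-BY"}}},
    {"source": {"ip": "198.51.100.8", "geo": {"region_iso_code": "us-ca"}}},  # wrong case
    {"source": {"ip": "10.0.0.5"}},  # no geo enrichment on this event
]


def region_of(event):
    """Return source.geo.region_iso_code, or None when the field is absent."""
    return event.get("source", {}).get("geo", {}).get("region_iso_code")


def term_join(boundaries, events):
    """Count events per region code and attach the counts to matching boundaries.

    Returns (joined, unmatched, missing):
      joined    - {boundary code: event count} for boundaries with at least one event
      unmatched - {code: count} for codes present in events but not in the layer
      missing   - number of events with no region code at all
    """
    counts = Counter(region_of(e) for e in events)
    missing = counts.pop(None, 0)
    known = {b["region_iso_code"] for b in boundaries}
    # The join key is an exact string match, so "us-ca" does not hit "US-CA".
    joined = {code: n for code, n in counts.items() if code in known}
    unmatched = {code: n for code, n in counts.items() if code not in known}
    return joined, unmatched, missing


if __name__ == "__main__":
    joined, unmatched, missing = term_join(BOUNDARIES, EVENTS)
    print("shaded regions:", joined)
    print("codes with no boundary:", unmatched)
    print("events without a region code:", missing)
```

When the map is used for security review, compare the sum of the joined counts with the total event count: events without a region code, or with a code the layer does not contain, are not represented in the fill colors.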

## Keep going!

We can analyze more than just web logs with the Elastic Stack! You can also use our Elastic Maps Service layers with other data such as APM, infrastructure monitoring, SIEM, and endpoint security.