[FEATURE]Add iplocation function to PPL for IP address geolocation

[YANG-DB]

Description:
We propose adding an geoip function to OpenSearch's Piped Processing Language (PPL) and SQL to provide built-in IP address geolocation capabilities.
This feature would be similar to functionality used in OpenSearch's geospatial feature, enhancing PPL's ability to enrich log data with geographical information based on IP addresses.

Proposed Functionality:

1. The 'geoip' function should take an IP address as input and return geographical information.
2. It should support both IPv4 and IPv6 addresses.
3. The function should return multiple fields including country, region, city, latitude, longitude, and others as available.
4. It should allow users to specify which geolocation fields to include in the output.
5. The function should use a regularly updated IP geolocation database for accuracy.

Example Usage:

... | eval geolocation = geoip(ip_field)

This would add a new field 'geolocation' with all available location information for the IP address in 'ip_field'.

... | eval country = geoip(ip_field, "country")
... | eval lat = geoip(ip_field, "lat"), lon = iplocation(ip_field, "lon")

This would add new fields with specific geolocation information.

... | eval location_info = geoip(ip_field, "country,region,city,lat,lon")

This would add a new field 'location_info' with multiple pieces of geolocation data.

Additional considerations

• Allow for registering a DB table that allows resolving the IP to Geo
• Adding a generic way to register the IP to Geo location resolving mechanism / service
  • Adding auth tokens for calling such service

[dblock]

[Catch All Triage - 1, 2, 3, 4]

[abdullahdevrel]

Just passing by - considering the discussion is around GeoIP functionality, would it be possible to add support for our (IPinfo) IP databases as well? We have a bunch of IP databases that come in MMDB data file format, which also include our free IP database (https://ipinfo.io/products/free-ip-database). Our free IP databases include the IP to Country ASN/ISP database that comes with full accuracy, no EULA, and allows commercial re-distribution through only providing an attribute.

[YANG-DB]

@abdullahdevrel thanks for your interest and proposal
Our goal is to provide a vendor agnostic support for any IP datasource eventually - the first iteration would be a just simple table to use as a lookup resolution
the next phase would add additional types of data-sets and you are very welcome to contribute your IP data-source - it would be great !

[abdullahdevrel]

Thank you very much @YANG-DB. Please keep me in the loop. We have the best IP databases out there. So, we will be super happy to bring our data to the community.