From 6138a91927c00d94e94c92ade1f92bf0a3e2db37 Mon Sep 17 00:00:00 2001
From: Andy Kwok <andy.kwok@improving.com>
Date: Tue, 31 Dec 2024 16:58:25 -0800
Subject: [PATCH] Update doc

Signed-off-by: Andy Kwok <andy.kwok@improving.com>
---
 docs/category.json                |  1 +
 docs/user/ppl/functions/geoip.rst | 38 +++++++++++++++++++++++++++++++
 docs/user/ppl/index.rst           |  2 ++
 3 files changed, 41 insertions(+)
 create mode 100644 docs/user/ppl/functions/geoip.rst

diff --git a/docs/category.json b/docs/category.json
index 32f56cfb46..1830f557f5 100644
--- a/docs/category.json
+++ b/docs/category.json
@@ -34,6 +34,7 @@
     "user/ppl/functions/datetime.rst",
     "user/ppl/functions/expressions.rst",
     "user/ppl/functions/ip.rst",
+    "user/ppl/functions/geoip.rst",
     "user/ppl/functions/math.rst",
     "user/ppl/functions/relevance.rst",
     "user/ppl/functions/string.rst"
diff --git a/docs/user/ppl/functions/geoip.rst b/docs/user/ppl/functions/geoip.rst
new file mode 100644
index 0000000000..be5c0c3b95
--- /dev/null
+++ b/docs/user/ppl/functions/geoip.rst
@@ -0,0 +1,38 @@
+====================
+Geo IP Address Functions
+====================
+
+.. rubric:: Table of contents
+
+.. contents::
+   :local:
+   :depth: 1
+
+CIDRMATCH
+---------
+
+Description
+>>>>>>>>>>>
+
+Usage: `geoip(dataSourceName, ipAddress, options)` to lookup location information from given IP addresses via OpenSearch GeoSpatial plugin API.
+
+Argument type: STRING, STRING, STRING
+
+Return type: Tuple
+
+Example:
+
+    os> source=weblogs | eval LookupResult = geoip("dataSourceName", "50.68.18.229", "country_iso_code,city_name")
+    fetched rows / total rows = 1/1
+    +-------------------------------------------------------------+
+    | LookupResult                                                        |
+    |-------------------------------------------------------------|
+    | {'city_name': 'Vancouver', 'country_iso_code': 'CA'}        |
+    +-------------------------------------------------------------+
+
+
+Note:
+ - `dataSourceName` must be an established dataSource on OpenSearch GeoSpatial plugin, detail of configuration can be found: https://opensearch.org/docs/latest/ingest-pipelines/processors/ip2geo/
+ - `ip` can be an IPv4 or an IPv6 address
+ - `options` is a comma separated String for user to specify fields to output, the selection of fields subject to dataSourceProvider's schema, the list of geolite2-city dataset provide fields: "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "time_zone", "location"
+
diff --git a/docs/user/ppl/index.rst b/docs/user/ppl/index.rst
index ef8cff334e..1e24fa3fb0 100644
--- a/docs/user/ppl/index.rst
+++ b/docs/user/ppl/index.rst
@@ -106,6 +106,8 @@ The query start with search command and then flowing a set of command delimited
 
   - `IP Address Functions <functions/ip.rst>`_
 
+  - `Geo IP Address Functions <functions/geoip.rst>`_
+
 * **Optimization**
 
   - `Optimization <../../user/optimization/optimization.rst>`_