Hi @rgroleau. Thanks for sharing this question with us. I agree with Andrew that the geo_match enrich policy is the best option for this.
The Elastic Maps Service has country and some subdivision boundaries that you can use. For example, you can download the GeoJSON file from https://maps.elastic.co. Then use the GeoJSON Upload tool in Elastic Maps to upload the GeoJSON file into a new index containing the boundaries.
After the index has been created, you can set up the geo_match enrich policy to use the new index and attach fields from the boundaries index to your documents at ingest.
@rgroleau We want to make this process much easier so we could really use some more information from you. Can you share what the lat/long coordinates represent? For example, are these the origins of a security threat, or building locations, or something else?
The more we understand the specific problems and datasets in play, the better we can set the priorities of how we build our solutions going forward.
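The steps described in the reply above, written out as Kibana Dev Tools console requests. This is an added example, not part of the original post; the index name `country_boundaries`, the policy and pipeline names, the boundary fields `geometry`, `name` and `iso2`, and the document field `location` are assumptions to adapt to your own upload and data.

```console
# Assumed names: index "country_boundaries" (created by the GeoJSON upload),
# geo_shape field "geometry" with properties "name" and "iso2", and a
# geo_point field "location" on the incoming documents.

# 1. Enrich policy that matches documents against the boundary shapes.
PUT /_enrich/policy/country-boundaries-policy
{
  "geo_match": {
    "indices": "country_boundaries",
    "match_field": "geometry",
    "enrich_fields": ["name", "iso2"]
  }
}

# 2. Build the enrich index from the boundaries index.
POST /_enrich/policy/country-boundaries-policy/_execute

# 3. Ingest pipeline that attaches the boundary fields at ingest.
#    ignore_missing lets documents without coordinates pass through unchanged.
PUT /_ingest/pipeline/add-country
{
  "description": "Attach country boundary fields based on lat/long",
  "processors": [
    {
      "enrich": {
        "policy_name": "country-boundaries-policy",
        "field": "location",
        "target_field": "boundary",
        "shape_relation": "INTERSECTS",
        "ignore_missing": true
      }
    }
  ]
}

# 4. Check the result on constructed sample documents before indexing real data.
POST /_ingest/pipeline/add-country/_simulate
{
  "docs": [
    { "_source": { "location": { "lat": 48.8566, "lon": 2.3522 } } },
    { "_source": { "message": "constructed event without coordinates" } }
  ]
}
```

The enrich index is a snapshot taken when the policy is executed, so run the `_execute` request again after the boundaries index changes.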