The iplocation command has the City and Country fields, for example:
sourcetype="IPS" | iplocation src_ip | table src_ip, City, Country
Is there a way or a field to add the State (or province?) to the results?
Found it, the field is called "Region". This field should be included in the iplocation syntax documentation (that only mentions City and Country):
View solution in original post