I built my own analytics App for Splunk to offer business insights for my wife's small business. Mostly how traffic correlates with purchases and where buyers are coming from.
As a side effect, the same system detects malware and cyber attacks on other websites pretty well as well.
Only raw logs. Splunk resolves IP to Country/Region/City (and geo coordinates if wanted to map these).
Mostly playing with raw logs and then even RAW-er logs using Splunk Stream (a thing that switches the network interface into promiscuous mode and gives me all data for all protocols and any context I ever want).
For example, I can analyze anomalies in web hits and anomalies in web sessions to discover new, previously unknown traffic sources and patterns.
It helped to discover 2 new classes of cyberattacks I didn't know were targeting my server.
https://splunkbase.splunk.com/app/2676/