Latest Version 1.0.6
April 12, 2011
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
Geo Location Lookup Script (powered by MAXMIND)
Splunk for Use with MAXMIND is an application that provides geo_ip information on any public IP in your Splunk DB in a scalable fashion. The GeoIPCityLite DB is apart of the app so no internet connection is required and lookups are performed locally on your search head. The use is simple, pipe any search to ' lookup geoip clientip as <some_ip_field> ' If you do not have an IP field in your data you can use the rex command to extract one and perform a lookup Example Searches: eventtype=firewall_event | lookup geoip clientip as src_ip sourcetype=syslog | rex field=_raw "(?<ip>\d+\.\d+\.\d+\.\d+)" | lookup geoip clientip as ip This product includes GeoLite data created by: MaxMind available from: http://www.maxmind.com/
Built by BD LABS
Compatibility
Not Available
Platform Version: 5.0
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Ranking
#7
in IT Operations
#11
in Utilities
Splunk for Use with MAXMIND is an application that provides geo_ip information on any public IP in your Splunk DB in a scalable fashion. The GeoIPCityLite DB is apart of the app so no internet connection is required and lookups are performed locally on your search head.
The use is simple, pipe any search to ' lookup geoip clientip as <some_ip_field> ' If you do not have an IP field in your data you can use the rex command to extract one and perform a lookup
Example Searches:
eventtype=firewall_event | lookup geoip clientip as src_ip
sourcetype=syslog | rex field=_raw "(?<ip>\d+\.\d+\.\d+\.\d+)" | lookup geoip clientip as ip
This product includes GeoLite data created by: MaxMind available from: http://www.maxmind.com/
Categories
Created By
BD LABS
Type
addon
Downloads
26,837
Licensing
Splunk Answers
Resources
Login to report this app listing