https://community.splunk.com/t5/Reporting/How-can-we-create-a-report-based-on-country-geoip/m-p/264927#M5146 <P>Hi,</P> <P>Easy, use a lookup to list the countrys that you want to filter and then use the command iplocation with the field that you to identify the ip int he events</P> <P>index sourcetype .... | iplocation yourfieldip | search [|inputlookup list_country.csv |table Country] | stats count by Country</P> <P>Hope i help you</P> Wed, 07 Dec 2016 08:15:43 GMT jmallorquin 2016-12-07T08:15:43Z https://community.splunk.com/t5/Reporting/How-can-we-create-a-report-based-on-country-geoip/m-p/264926#M5145 <P>Hi All,</P> <P>I have to create a report where in if any IPs from the below countries hit our network, I should be able to see it.</P> <P>• Iran<BR /> • Syria<BR /> • Yemen<BR /> • Romania<BR /> • Israel <BR /> • Russia <BR /> • China</P> <P>Now I would like to know how to do this as I checked the geo ips of all these countries and there are too many. Is there an easier way of doing this? If so, kindly let me know the search string.</P> <P>Regards<BR /> Pradeep</P> Wed, 07 Dec 2016 07:51:55 GMT https://community.splunk.com/t5/Reporting/How-can-we-create-a-report-based-on-country-geoip/m-p/264926#M5145 seetharamanPr 2016-12-07T07:51:55Z https://community.splunk.com/t5/Reporting/How-can-we-create-a-report-based-on-country-geoip/m-p/264927#M5146 <P>Hi,</P> <P>Easy, use a lookup to list the countrys that you want to filter and then use the command iplocation with the field that you to identify the ip int he events</P> <P>index sourcetype .... | iplocation yourfieldip | search [|inputlookup list_country.csv |table Country] | stats count by Country</P> <P>Hope i help you</P> Wed, 07 Dec 2016 08:15:43 GMT https://community.splunk.com/t5/Reporting/How-can-we-create-a-report-based-on-country-geoip/m-p/264927#M5146 jmallorquin 2016-12-07T08:15:43Z https://community.splunk.com/t5/Reporting/How-can-we-create-a-report-based-on-country-geoip/m-p/264928#M5147 <P>Use geostats command.</P> <P>For example if I get latitude and logntitude in my events, it can be plotted on geo map using following query:</P> <PRE><CODE> index=main | geostats latfield=notifications{}.geoCoordinate.latitude longfield=notifications{}.geoCoordinate.longitude count by DeviceID </CODE></PRE> Wed, 07 Dec 2016 11:48:59 GMT https://community.splunk.com/t5/Reporting/How-can-we-create-a-report-based-on-country-geoip/m-p/264928#M5147 hardikJsheth 2016-12-07T11:48:59Z