https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544864#M154289 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/232771">@ismail_salma198</a>,</P><P>Your subsearch result format is not suitable for ipinfo command. You don't need to use subsearch.</P><P>Please try below; please use a specific index on your searches to help Splunk run faster</P><LI-CODE lang="markup"> "10.19.10.10" "%ASA-6-722023" dest="*" | ipinfo dest</LI-CODE><P>&nbsp;</P> Tue, 23 Mar 2021 04:03:23 GMT scelikok 2021-03-23T04:03:23Z https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544844#M154284 <P>I am executing a query in splunk which is below :</P><P>&nbsp;</P><P>| makeresults | eval ip="$ip$" | makemv delim="," ip | mvexpand ip | ipinfo ip [ search "10.19.10.10", "%ASA-6-722023", dest="*" | fields dest | rename dest as ip]</P><P>&nbsp;</P><P>but it is giving me following error</P><P><SPAN>10 errors occurred while the search was executing. Therefore, search results might be incomplete</SPAN></P><UL><LI>Unrecognized option: ip=103.208.69.136</LI><LI>Unrecognized option: ip=103.226.206.167</LI><LI>Unrecognized option: ip=103.96.43.249</LI><LI>Unrecognized option: ip=106.193.34.105</LI><LI>Unrecognized option: ip=117.221.92.44</LI><LI>Unrecognized option: ip=182.70.78.160</LI><LI>Unrecognized option: ip=27.97.140.72</LI><LI>Unrecognized option: ip=49.36.37.0</LI><LI>Unrecognized option: ip=49.36.43.61</LI><LI>Unrecognized option: ip=68.228.83.221</LI></UL><P>&nbsp;</P><P>I have installed IPINFO app on splunk to get the carrier information.&nbsp;</P> Mon, 22 Mar 2021 23:08:27 GMT https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544844#M154284 ismail_salma198 2021-03-22T23:08:27Z https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544864#M154289 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/232771">@ismail_salma198</a>,</P><P>Your subsearch result format is not suitable for ipinfo command. You don't need to use subsearch.</P><P>Please try below; please use a specific index on your searches to help Splunk run faster</P><LI-CODE lang="markup"> "10.19.10.10" "%ASA-6-722023" dest="*" | ipinfo dest</LI-CODE><P>&nbsp;</P> Tue, 23 Mar 2021 04:03:23 GMT https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544864#M154289 scelikok 2021-03-23T04:03:23Z https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544866#M154291 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/232771">@ismail_salma198</a>&nbsp;<BR />have you made below configuration as mentioned&nbsp;<A href="https://splunkbase.splunk.com/app/4070/#/details" target="_blank">https://splunkbase.splunk.com/app/4070/#/details</A>&nbsp;</P><P>-------------- Configuration ------------</P><P>Just update ip_info_setup.conf in $SPLUNK_HOME/etc/apps/ip_info/local/</P><P>[api_configuration]<BR />api_url =<SPAN>&nbsp;</SPAN><A href="https://ipinfo.io/" target="_blank">https://ipinfo.io/</A><BR />token = &lt;your token here&gt;</P><P>and restart Splunk</P> Tue, 23 Mar 2021 04:10:40 GMT https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544866#M154291 493669 2021-03-23T04:10:40Z https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544876#M154296 <P>It works awesome Thank you man.&nbsp;</P> Tue, 23 Mar 2021 05:48:37 GMT https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544876#M154296 ismail_salma198 2021-03-23T05:48:37Z https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544877#M154297 <P>Ur given solution worked.&nbsp; Much much appreciated. Thanks alot</P><P>&nbsp;</P><P>Regards</P><P>Ismail Kalolwala&nbsp;</P> Tue, 23 Mar 2021 05:50:07 GMT https://community.splunk.com/t5/Splunk-Search/ipinfo/m-p/544877#M154297 ismail_salma198 2021-03-23T05:50:07Z