https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368337#M162123 <P>Bonus but not suitable for search head clustering. <A href="https://github.com/georgestarcher/TA-geoip">https://github.com/georgestarcher/TA-geoip</A></P> Tue, 20 Mar 2018 17:55:54 GMT starcher 2018-03-20T17:55:54Z https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368333#M162119 <P>Hi,</P> <P>I have a table with list of Ip's and their respective locations but for few Ip's the Country and city regions are not being populated. I heard there is a way to update the geoip database but it comes with a limitation that if we upgrade the Splunk version the location file gets reset. is there any other alternative way to generate those results?</P> <P>Thanks,<BR /> Rakesh</P> Tue, 20 Mar 2018 15:20:33 GMT https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368333#M162119 rakeshyv0807 2018-03-20T15:20:33Z https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368334#M162120 <P>Have you checked if those IPs you are talking about are PRIVATE IPs?</P> <P>Those like 127.0.0.1 won't show you any geographical data</P> Tue, 20 Mar 2018 15:22:47 GMT https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368334#M162120 tiagofbmm 2018-03-20T15:22:47Z https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368335#M162121 <P>@tiagofbmm - I have checked and those are not private ip's. </P> Tue, 20 Mar 2018 17:17:36 GMT https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368335#M162121 rakeshyv0807 2018-03-20T17:17:36Z https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368336#M162122 <P>Not all IPs information will be available on the 3rd party databases:</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Iplocation">https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Iplocation</A></P> <P>Extracts location information from IP addresses by using 3rd-party databases. <BR /> The IP address that you specify in the ip-address-fieldname argument, is looked up in the database. Fields from that database that contain location information are added to each event. The setting used for the allfields argument determines which fields are added to the events.</P> <P>Because all the information might not be available for each IP address, an event can have empty field values.</P> Tue, 20 Mar 2018 17:38:38 GMT https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368336#M162122 tiagofbmm 2018-03-20T17:38:38Z https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368337#M162123 <P>Bonus but not suitable for search head clustering. <A href="https://github.com/georgestarcher/TA-geoip">https://github.com/georgestarcher/TA-geoip</A></P> Tue, 20 Mar 2018 17:55:54 GMT https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368337#M162123 starcher 2018-03-20T17:55:54Z https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368338#M162124 <P>Nice one! </P> Tue, 20 Mar 2018 17:58:01 GMT https://community.splunk.com/t5/Splunk-Search/Why-does-geoIp-database-for-Iplocation-command-doesn-t-provide/m-p/368338#M162124 tiagofbmm 2018-03-20T17:58:01Z