topic Re: SPL: Searching the Network Traffic for anything that is not (!=) United States in Splunk Search https://community.splunk.com/t5/Splunk-Search/SPL-Searching-the-Network-Traffic-for-anything-that-is-not/m-p/478215#M192858 <P>index=* sourcetype=* action="*"<BR /> |stats count by host,src_ip,dest_ip,port<BR /> |where src_ip!="United States"</P> <P>OR</P> <P>Index=* sourcetype=* action="*"<BR /> | stats count by src_ip dest_ip<BR /> |iplocation src_ip dest_ip<BR /> | where Country != "United States"<BR /> |geostats latfield=lat longfield=lon count by Country</P> Wed, 30 Sep 2020 03:48:15 GMT itsmevic 2020-09-30T03:48:15Z SPL: Searching the Network Traffic for anything that is not (!=) United States https://community.splunk.com/t5/Splunk-Search/SPL-Searching-the-Network-Traffic-for-anything-that-is-not/m-p/478213#M192856 <P>Hello fellow Splunkers ( : </P> <PRE><CODE>Does anyone have some SPL laying around that shows network traffic that is NOT United States based both source and destination standpoints. I'd like to be able to monitor any of this type of traffic on my network via Splunk. </CODE></PRE> Tue, 31 Dec 2019 19:08:32 GMT https://community.splunk.com/t5/Splunk-Search/SPL-Searching-the-Network-Traffic-for-anything-that-is-not/m-p/478213#M192856 itsmevic 2019-12-31T19:08:32Z Re: SPL: Searching the Network Traffic for anything that is not (!=) United States https://community.splunk.com/t5/Splunk-Search/SPL-Searching-the-Network-Traffic-for-anything-that-is-not/m-p/478214#M192857 <P>will you provide sample log?<BR /> Is country identification (<A href="https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/">maxmind geolite2</A> ) a problem?<BR /> Do you update country data? </P> Tue, 31 Dec 2019 22:44:11 GMT https://community.splunk.com/t5/Splunk-Search/SPL-Searching-the-Network-Traffic-for-anything-that-is-not/m-p/478214#M192857 to4kawa 2019-12-31T22:44:11Z Re: SPL: Searching the Network Traffic for anything that is not (!=) United States https://community.splunk.com/t5/Splunk-Search/SPL-Searching-the-Network-Traffic-for-anything-that-is-not/m-p/478215#M192858 <P>index=* sourcetype=* action="*"<BR /> |stats count by host,src_ip,dest_ip,port<BR /> |where src_ip!="United States"</P> <P>OR</P> <P>Index=* sourcetype=* action="*"<BR /> | stats count by src_ip dest_ip<BR /> |iplocation src_ip dest_ip<BR /> | where Country != "United States"<BR /> |geostats latfield=lat longfield=lon count by Country</P> Wed, 30 Sep 2020 03:48:15 GMT https://community.splunk.com/t5/Splunk-Search/SPL-Searching-the-Network-Traffic-for-anything-that-is-not/m-p/478215#M192858 itsmevic 2020-09-30T03:48:15Z