https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105348#M27322 <P>iplocation in Splunk 6 is using Maxmind DB internally?</P> Thu, 24 Oct 2013 07:53:42 GMT melonman 2013-10-24T07:53:42Z https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105345#M27319 <P>Hi,</P> <P>I have been using Google Map app mainly for lookup the locations of ipaddress.<BR /> With Splunk6, I can use native map without accessing internet, but googme map app is currently supported in up to Splunk 5, not splunk 6.</P> <P>Is there any way to do geo ip lookup and get lat/lng info to plot the data on splunk map without using google map app?</P> <P>Thank you</P> Thu, 17 Oct 2013 23:42:00 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105345#M27319 melonman 2013-10-17T23:42:00Z https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105346#M27320 <P>No, not interactively like you would with google maps. Yes, it sucks. In this release maps are only available as visualizations instead. </P> <P><A href="http://docs.splunk.com/Documentation/Splunk/6.0/Viz/Visualizationreference#Maps">http://docs.splunk.com/Documentation/Splunk/6.0/Viz/Visualizationreference#Maps</A></P> Fri, 18 Oct 2013 02:53:26 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105346#M27320 _d_ 2013-10-18T02:53:26Z https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105347#M27321 <P>so, I have to use iplocation command which actually have to talk to external iplocation service provider, correct?</P> <P><MAP><BR /> <TITLE>map</TITLE><BR /> <SEARCHSTRING><BR /> sshd (Accepted OR Failed)<BR /> | rex "(?<IP>\d+.\d+.\d+.\d+)" <BR /> | rex "(?<RES>Accepted|Failed)" <BR /> | stats count by ip res <BR /> | iplocation ip <BR /> | geostats latfield=lat longfield=lon sum(count) as count by res<BR /> </RES><BR /> </IP></SEARCHSTRING></MAP></P> Thu, 24 Oct 2013 06:51:43 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105347#M27321 melonman 2013-10-24T06:51:43Z https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105348#M27322 <P>iplocation in Splunk 6 is using Maxmind DB internally?</P> Thu, 24 Oct 2013 07:53:42 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105348#M27322 melonman 2013-10-24T07:53:42Z https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105349#M27323 <P>I did iplookup without internet connection and it worked. Looks like Splun has internal DB for ip location information already.</P> Mon, 28 Oct 2013 04:27:38 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105349#M27323 melonman 2013-10-28T04:27:38Z https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105350#M27324 <P>yes, it has mmdb table for these lookups. it supposed to be updated with each release. <BR /> if you want to get list dynamically, you would need to update limits.conf in server for iplookup.<BR /> you could point it to external web db as required. However, back it up before you do such a thing. </P> Tue, 30 May 2017 19:44:42 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-go-geoip-lookup-and-plot-data-on-splunk-6-native-map/m-p/105350#M27324 akocak 2017-05-30T19:44:42Z