GeoIP for domain names

hartfoml · ‎01-13-2014

Has anyone tried to do a lookup for domain names to work with the Google Maps App?

hartfoml · ‎01-14-2014

I have a distributed Search Environment do I need to install the add on to all the indexers or just the search head?

I think the search below might work but I don't know if I have the subsearch right.

Foo=Mysearch domain=* [| lookup whoisLookup ip] | geoip ip

jsie_splunk · ‎01-13-2014

Have you tried it to see if it works? Are you running into an issue?

hartfoml · ‎01-13-2014

Yes but given the IP address from the Whois app mentioned below I could use the IP address in the Google Maps app to map the IP, right???

jsie_splunk · ‎01-13-2014

Do you mean…
- given an fqdn, lookup it's ip address(es)
- convert those to lat/lon
- plot on a map?

yannK · ‎01-13-2014

if you want domain informations, use the whois app.

hartfoml · ‎01-13-2014

Also if I have a distributed Search Environment do I need to install the add on to all the indexers or just the search head?

hartfoml · ‎01-13-2014

here is the search that I do with GeoIP
foo=MySearch dest_ip=* | geoip dest_ip

If I wanted to use the Domsain Name with Whois and GeoIP apps, how could I combine them.

Foo=Mysearch domain=* [| lookup whoisLookup ip] | geoip ip

Are you a member of the Splunk Community?