All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Google Maps GeoIP Not Working Right?

tfitzgerald15
Explorer
‎07-01-2013 12:17 PM

I'm using the Google Maps App for Splunk. When attempting to use the geoip command, it only appears to actually show a small fraction of a percentage (around .0008%) of IPs as having geographical information.

sourcetype="pan_*" | geoip src_ip resolve_hostnames=true

It's searched 188,826 records (all of which contain the src_ip field in standard X.X.X.X format), however it's only stating that there are "166 results with location information ( 16 distinct locations ) over all time".

Using free online tools, I get a better hit ratio than this. Can anyone help me out? I'm guessing I'm doing something wrong with my RegEx.

-Travis

0 Karma
Reply

asimagu
Builder
‎07-01-2013 04:40 PM

This is a known issue. When using geoip command , for searches with lots of events it has a limitation with the results splunk shows after you run the search with the command. In the background it finds all of them, but it may be showing you only a few. Don’t worry, it has no effect when you want to show stats.

Info: http://splunk-base.splunk.com/answers/37105/geoip-search-results-not-correct?page=1&focusedAnswerId=...

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...