How often is the MaxMind GeoIP database updated in Cloud? If the answer is only when a new Splunk release is deployed to the Cloud, is there a way to manually update? The on premise process doesn't seem possible since the filesystem(s) are not accessible.
The cloud team has expressed that this is only updated with Splunk upgrades (although they are exploring changing that as per your feature request).
Alternatively, you might be able to submit a Cloud request to have them manually update it with a newer version just like you would for other back-end filesystem requests. You'd likely need to upload the newer version (attach it to the request) and specify any associated config details (https://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command.html has a good explanation).
I also see there's a feature request with Cloud Operations for a regular-automated update.
@mhenson, I see you've not marked this answer as accepted. I just updated it to reflect what we've learned as part of the feature request. Meanwhile, if you feel this is still not clear in answering, let us know any additional questions?
I downvoted this post because this answer was but is no longer valid.
Splunk documentation has recently been updated with the following:
If you are using Splunk Cloud, updates to the MMDB file are provided ONLY via Splunk version upgrades. If you wish to discuss or request this, please file a Support ticket.
The Latest Support Stance (As of September 2019) is:
Fix: Splunk will NOT commit to version predictability on MaxMind DBs (MMDBs). MMDBs can and most likely will change in line with version upgrades as per the Cloud Maintenance Policy:
Workaround: If a customer requires version predictability, they may package the MMDB in a custom app. This app WILL be required to undergo vetting . If you wish to discuss or request this, please file a Support ticket.
If you are using MaxMind for GeoIP of NetFlow/sFlow/IPFIX, NetFlow Optimizer solution from NetFlow Logic (https://www.netflowlogic.com) has a cron setting to update it as often as you'd like. In addition, GeoIP enrichment is performed at the time when NetFlow record is processed, not at query time in Splunk.