Does anyone know on how to replace the included GeoLite Database with a commercial version of GeoIP Country from MAXMIND? After replacing the database files, IP location lookup does not work anymore ...
Any ideas?
Regards,
Rene
Hi there,
I'm assuming you're referring to the Maxmind app located here http://apps.splunk.com/app/291/. As it is currently written, it specifically requires a GeoIP City type of database. Using a GeoIP Country type would require some modification of the custom search command implementation.
If you're okay using the City type, then you need to replace the Lite version at
$SPLUNK_HOME/etc/apps/MAXMIND/bin/GeoLiteCity.dat
with the commercial one. Be sure to maintain the same name "GeoLiteCity.dat" as it's coded within the python script. Alternatively, you could modify the python script
$SPLUNK_HOME/etc/apps/MAXMIND/bin/geoip.py
and replace the file name with your commercial one.
Change:
DB_PATH=('GeoLiteCity.dat')
To:
DB_PATH=('YOURFILENAME.dat')
Regards and good luck.
Thanks, as we only need country information and Geo IP City is much more expensive then Geo IP Country we will have to customize the custom search.