All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to replace Geo Location Database

renebrutschin
New Member
‎12-18-2013 08:01 AM

Does anyone know on how to replace the included GeoLite Database with a commercial version of GeoIP Country from MAXMIND? After replacing the database files, IP location lookup does not work anymore ...

Any ideas?

Regards,
Rene

0 Karma
Reply

jsie_splunk
Splunk Employee
Splunk Employee
‎12-18-2013 08:42 PM

Hi there,

I'm assuming you're referring to the Maxmind app located here http://apps.splunk.com/app/291/. As it is currently written, it specifically requires a GeoIP City type of database. Using a GeoIP Country type would require some modification of the custom search command implementation.

If you're okay using the City type, then you need to replace the Lite version at 

$SPLUNK_HOME/etc/apps/MAXMIND/bin/GeoLiteCity.dat

with the commercial one. Be sure to maintain the same name "GeoLiteCity.dat" as it's coded within the python script. Alternatively, you could modify the python script

$SPLUNK_HOME/etc/apps/MAXMIND/bin/geoip.py

and replace the file name with your commercial one.

Change:
DB_PATH=('GeoLiteCity.dat')

To:
DB_PATH=('YOURFILENAME.dat')

Regards and good luck.

0 Karma
Reply

renebrutschin
New Member
‎12-23-2013 02:28 AM

Thanks, as we only need country information and Geo IP City is much more expensive then Geo IP Country we will have to customize the custom search.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...