Solved: How to show visualization of location map of sourc...

bayman · ‎05-09-2017

I want to show a map or country list of where connections are coming from in a search result of our Firewall events. How do I do this?

kmorris_splunk · ‎05-09-2017

You can use the iplocation command, passing it the field that contains the IP to get fields like CIty, Country, Region, lon (longitude), lat (latitude). Using stats you can get a list of countries with the count for each.

src_ip=* | iplocation src_ip | stats count by Country

To plot these on a map, use the geostats command instead of stats, and select the geographical map visualization on your Visualization tab.

src_ip=* | iplocation src_ip | geostats count by Country

View solution in original post

kmorris_splunk · ‎05-09-2017

You can use the iplocation command, passing it the field that contains the IP to get fields like CIty, Country, Region, lon (longitude), lat (latitude). Using stats you can get a list of countries with the count for each.

src_ip=* | iplocation src_ip | stats count by Country

To plot these on a map, use the geostats command instead of stats, and select the geographical map visualization on your Visualization tab.

src_ip=* | iplocation src_ip | geostats count by Country

How to show visualization of location map of source IPs?

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup