Solved: How to show visualization of location map of sourc...

bayman · ‎05-09-2017

I want to show a map or country list of where connections are coming from in a search result of our Firewall events. How do I do this?

kmorris_splunk · ‎05-09-2017

You can use the iplocation command, passing it the field that contains the IP to get fields like CIty, Country, Region, lon (longitude), lat (latitude). Using stats you can get a list of countries with the count for each.

src_ip=* | iplocation src_ip | stats count by Country

To plot these on a map, use the geostats command instead of stats, and select the geographical map visualization on your Visualization tab.

src_ip=* | iplocation src_ip | geostats count by Country

View solution in original post

kmorris_splunk · ‎05-09-2017

You can use the iplocation command, passing it the field that contains the IP to get fields like CIty, Country, Region, lon (longitude), lat (latitude). Using stats you can get a list of countries with the count for each.

src_ip=* | iplocation src_ip | stats count by Country

To plot these on a map, use the geostats command instead of stats, and select the geographical map visualization on your Visualization tab.

src_ip=* | iplocation src_ip | geostats count by Country

How to show visualization of location map of source IPs?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...