All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SA-geodistance old location time

rtalcik
Path Finder
‎05-12-2020 07:45 AM

Hi all,

so i started using this APP here. - SA-geodistance and its nice, I like it. However I don't understand how it pulls the old location and how I get the time the of the old location it is pulling.

https://splunkbase.splunk.com/app/3232/ OR https://github.com/seunomosowon/SA-geodistance

0 Karma
Reply

seunomosowon
Communicator
‎05-12-2020 07:52 AM

The first time it sees an event within your search window with one set of lat/long coordinates, it uses that as the first event for that pair. It will have a relative distance of 0.

0 Karma
Reply

rtalcik
Path Finder
‎05-12-2020 08:33 AM

thanks for the post. question though. I understand its using the first event for that pair. but how can I get the time of that first event.

for example im trying to accomplish a vpn alert showing they logged into something over 200 miles away from the last 15 minutes.

If the first IP they're gathering is older than the amount of time it takes to travel over 200 miles than it could produce FPs

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...