Solved: Splunk GeoIP database

darioapis · ‎02-26-2019

I have one simple question. Does Splunk use paid "GeoLite2-City.mmdb" version or free one. The reason is that, if it is not paid then I can upgrade it manually. Thanks.

chrisyounger · ‎02-26-2019

Hi @darioapis

Its not paid, so you can update it if you like. There are also Splunkbase apps that can do it for you. Like this one: https://splunkbase.splunk.com/app/4183/

All the best

View solution in original post

VatsalJagani · ‎04-02-2021

This App seems to be really useful - https://splunkbase.splunk.com/app/5482/.

The App auto-updates the MaxMind database without going into the backend every week. It also allows you to run a search command on Splunk search to manually download and update the latest database.

chrisyounger · ‎02-26-2019

Hi @darioapis

Its not paid, so you can update it if you like. There are also Splunkbase apps that can do it for you. Like this one: https://splunkbase.splunk.com/app/4183/

All the best

_joe · ‎11-13-2020

It appears the automatic update portion only works if you have a paid API key.

markhill1 · ‎03-24-2021

Hi, Actually it works with just the free sign-up, I have been using it that way for a long time now. Unless you are talking about the auto-update app they have for installing on your host machine. I haven't used that before. Thanks.

Splunk GeoIP database

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?