
Simple question about the Google Maps app and how to work with it


Hi all,

I am using Google Maps App with the MAXMIND Addon.

I get a firewall log, like this (via syslog) :

Dec 1 14:58:05 Firewall: 1Dec2011 15:55:29 drop >eth0 inzone: External; outzone: External; rule: 12; rule_uid: {648AE9D8}; rule_name: cleaner1!; src:; dst:; proto: udp; product: VPN-1 & FireWall-1; service: domain-udp; s_port: 65106;

I am new to Splunk and have been trying for the last few days to use the public source IP address to locate and plot it in the Google Maps app, without success.

I think I need to put the src field in the clientip field so that the MAXMIND Addon can work with it, because the src field is not known to the script.

Is that right?

I would really appreciate any examples of how to solve my problem.

Thank you very much in advance


I tried that :

  • | rex "(?\d+.\d+.\d+.\d+)" | eval clientip=src | lookup geoip clientip

It matched but there were no bubbles in my map.

Thanks !




| rex field=_raw "src: (?<ip>[^;]+)" | geoip ip

The rex should match on the "src: " text and include everything up to the semi-colon. You might need to escape the semi-colon with a \. You don't need to run "lookup" for the Google Maps App (at least, I don't).
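The field extraction from the answer above, as an added Python example that is not part of the original thread: it pulls `src` out of lines in the firewall log format shown in the question and keeps only valid, publicly routable addresses, since an empty or private `src` has no location to plot. The sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Same idea as the rex in the answer: capture everything after "src:" up to
# the next semicolon. Whitespace is optional and the capture may be empty, so
# a blank field such as "src:;" is detected and rejected rather than skipped.
SRC_RE = re.compile(r"\bsrc:\s*(?P<ip>[^;]*);")

# Constructed sample lines in the format from the question (values invented).
SAMPLE = [
    "Dec 1 14:58:05 Firewall: 1Dec2011 15:55:29 drop >eth0 inzone: External; "
    "outzone: External; rule: 12; src: 8.8.8.8; dst: 10.0.0.5; proto: udp; "
    "service: domain-udp; s_port: 65106;",
    # Empty src field: nothing to geolocate.
    "Dec 1 14:58:06 Firewall: 1Dec2011 15:55:30 drop >eth0 inzone: External; "
    "outzone: External; rule: 12; src:; dst:; proto: udp;",
    # Private (RFC 1918) source: valid IP, but not present in a GeoIP database.
    "Dec 1 14:58:07 Firewall: 1Dec2011 15:55:31 drop >eth0 inzone: Internal; "
    "outzone: External; rule: 12; src: 10.1.2.3; dst: 8.8.4.4; proto: udp;",
]


def extract_public_src(line):
    """Return the src address if it is a valid, globally routable IP, else None."""
    match = SRC_RE.search(line)
    if not match:
        return None
    value = match.group("ip").strip()
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        # Empty or malformed field content.
        return None
    return str(addr) if addr.is_global else None


def mappable_sources(lines):
    """Return the src addresses that a geolocation lookup could place on a map."""
    return [ip for ip in map(extract_public_src, lines) if ip]


if __name__ == "__main__":
    for ip in mappable_sources(SAMPLE):
        print(ip)
```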


So, I also downloaded the Google map app (MAXMIND) for Splunk.
I have the coordinates for each building and I want to display the location on google map with a line pointing to each snmp /mdf point in the building. Whenever I run the ip_src search - nothing is populated.
What can I do next?
