Hi all,
I am using Google Maps App with the MAXMIND Addon.
I get a firewall log like this (via syslog):
Dec 1 14:58:05 15.166.100.200 Firewall: 1Dec2011 15:55:29 drop 15.166.100.200 >eth0 inzone: External; outzone: External; rule: 12; rule_uid: {648AE9D8}; rule_name: cleaner1!; src: 65.111.222.333; dst: 15.166.100.200; proto: udp; product: VPN-1 & FireWall-1; service: domain-udp; s_port: 65106;
I am new to Splunk and over the last few days I have tried to use the public source IP address to locate and paint it in the Google Maps app, without success.
I think I need to put the src field into the clientip field so that the MAXMIND Addon can work with it, because the src field is not known to the script.
Is that right?
I would really appreciate any examples of how to solve my problem.
Thank you very much in advance.
Edit:
I tried that:
It matched, but there were no bubbles in my map.
Thanks !
Try:
| rex field=_raw "src: (?<ip>[^;]+)" | geoip ip
The rex should match on the "src: " text and include everything up to the semi-colon. You might need to escape the semi-colon with a \. You don't need to run "lookup" for the Google Maps App (at least, I don't).
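As an added example (not from the answer above, and not Splunk, MaxMind or Google Maps App code), here is the same "src: ... ;" extraction done in Python over constructed Check Point-style log lines, together with the check a practitioner would want before blaming the map: a search that matches but plots nothing is usually a src that a GeoIP database cannot place, either an RFC 1918 / non-public address or a value that is not a valid IPv4 address at all (note that 65.111.222.333 in the original post has an octet above 255, which may just be a redaction). The sample lines, the 8.8.8.8 stand-in public address and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample lines in the same syslog / Check Point shape as the post.
# Addresses are stand-ins: 8.8.8.8 as a public address, 192.168.1.20 as an
# internal one, and 65.111.222.333 copied from the post (octet > 255).
SAMPLE_LOGS = [
    "Dec 1 14:58:05 10.0.0.1 Firewall: 1Dec2011 15:55:29 drop 10.0.0.1 >eth0 "
    "inzone: External; outzone: External; rule: 12; rule_uid: {648AE9D8}; "
    "rule_name: cleaner1!; src: 8.8.8.8; dst: 10.0.0.1; proto: udp; "
    "product: VPN-1 & FireWall-1; service: domain-udp; s_port: 65106;",
    "Dec 1 14:58:06 10.0.0.1 Firewall: 1Dec2011 15:55:30 accept 10.0.0.1 >eth1 "
    "inzone: Internal; outzone: External; rule: 3; src: 192.168.1.20; "
    "dst: 10.0.0.2; proto: tcp; service: http; s_port: 51234;",
    "Dec 1 14:58:07 10.0.0.1 Firewall: 1Dec2011 15:55:31 drop 10.0.0.1 >eth0 "
    "inzone: External; outzone: External; rule: 12; src: 65.111.222.333; "
    "dst: 10.0.0.1; proto: udp; service: domain-udp; s_port: 65107;",
]

# Same pattern as the SPL rex: everything after "src: " up to the semicolon.
SRC_RE = re.compile(r"src: (?P<ip>[^;]+)")

# Generic "key: value;" pairs for the rest of the message. The key must be a
# lowercase word starting at a word boundary so "Firewall:" and timestamps
# in the syslog header are not picked up.
KV_RE = re.compile(r"\b([a-z_]+): ([^;]*);")


def extract_src(line):
    """Return the src value as the rex would, or None when absent."""
    m = SRC_RE.search(line)
    return m.group("ip").strip() if m else None


def parse_kv(line):
    """Split the 'key: value;' section into a dict (rule_uid, src, dst, ...)."""
    return {k: v.strip() for k, v in KV_RE.findall(line)}


def geoip_candidate(ip_str):
    """Classify a src value before handing it to a GeoIP lookup.

    City databases such as MaxMind's only place public unicast addresses;
    private, loopback, link-local and malformed values come back with no
    coordinates, which looks like 'the search matched but nothing plotted'.
    """
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False, "malformed"
    if not ip.is_global:
        return False, "non-public"
    return True, "public"


def geoip_candidates(lines):
    """(src, plottable, reason) for every line that carries a src field."""
    out = []
    for line in lines:
        src = extract_src(line)
        if src is None:
            continue
        ok, reason = geoip_candidate(src)
        out.append((src, ok, reason))
    return out


if __name__ == "__main__":
    for src, ok, reason in geoip_candidates(SAMPLE_LOGS):
        print(f"{src:20} plottable={ok!s:5} ({reason})")
```

Run the equivalent in Splunk before looking at the map: `... | rex field=_raw "src: (?<ip>[^;]+)" | stats count by ip` shows exactly which values the rex produced; if they are all internal addresses or contain garbage from an unescaped delimiter, no GeoIP lookup will give you bubbles.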
So, I also downloaded the Google Maps app (MAXMIND) for Splunk.
I have the coordinates for each building and I want to display the location on Google Maps with a line pointing to each SNMP/MDF point in the building. Whenever I run the ip_src search, nothing is populated.
What can I do next?