simple question about google maps app and how to w...

frankysplunk · ‎12-02-2011

Hi all,

I am using Google Maps App with the MAXMIND Addon.

I get a firewall log, like this (via syslog) :

Dec 1 14:58:05 15.166.100.200 Firewall: 1Dec2011 15:55:29 drop 15.166.100.200 >eth0 inzone: External; outzone: External; rule: 12; rule_uid: {648AE9D8}; rule_name: cleaner1!; src: 65.111.222.333; dst: 15.166.100.200; proto: udp; product: VPN-1 & FireWall-1; service: domain-udp; s_port: 65106;

I am new in Splunk and I tried since the last days to use the public source IP Adresse to locate and paint it in the Google Maps app, without success.

I think I need to put the src field in the clientip field that the MAXMIND Addon can work with, because the src field is not known for the script.

It that right?

I would really appriciate any examples how to solve my problem.

Thanky you very much in advise

edit

I tried that :

| rex "(?\d+.\d+.\d+.\d+)" | eval clientip=src | lookup geoip clientip

It matched but there were no bubbles in my map.

Thanks !

howyagoin · ‎12-26-2012

Try:

| rex field=_raw "src: (?<ip>[^;]+)" | geoip ip

The rex should match on the "src: " text and include everything up to the semi-colon. You might need to escape the semi-colon with a . You don't need to run "lookup" for the Google Maps App (at least, I don').

bidahor13 · ‎07-13-2015

So, I also downloaded the Google map app (MAXMIND) for Splunk.
I have the coordinates for each building and I want to display the location on google map with a line pointing to each snmp /mdf point in the building. Whenever I run the ip_src search - nothing is populated.
What can I next?

simple question about google maps app and how to work with

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!