All Apps and Add-ons

simple question about google maps app and how to work with

frankysplunk
Explorer

Hi all,

I am using Google Maps App with the MAXMIND Addon.

I get a firewall log, like this (via syslog) :

Dec 1 14:58:05 15.166.100.200 Firewall: 1Dec2011 15:55:29 drop 15.166.100.200 >eth0 inzone: External; outzone: External; rule: 12; rule_uid: {648AE9D8}; rule_name: cleaner1!; src: 65.111.222.333; dst: 15.166.100.200; proto: udp; product: VPN-1 & FireWall-1; service: domain-udp; s_port: 65106;

I am new in Splunk and I tried since the last days to use the public source IP Adresse to locate and paint it in the Google Maps app, without success.

I think I need to put the src field in the clientip field that the MAXMIND Addon can work with, because the src field is not known for the script.

It that right?

I would really appriciate any examples how to solve my problem.

Thanky you very much in advise

edit

I tried that :

  • | rex "(?\d+.\d+.\d+.\d+)" | eval clientip=src | lookup geoip clientip

It matched but there were no bubbles in my map.

Thanks !

Tags (2)
0 Karma

howyagoin
Contributor

Try:

| rex field=_raw "src: (?<ip>[^;]+)" | geoip ip

The rex should match on the "src: " text and include everything up to the semi-colon. You might need to escape the semi-colon with a . You don't need to run "lookup" for the Google Maps App (at least, I don').

bidahor13
Path Finder

So, I also downloaded the Google map app (MAXMIND) for Splunk.
I have the coordinates for each building and I want to display the location on google map with a line pointing to each snmp /mdf point in the building. Whenever I run the ip_src search - nothing is populated.
What can I next?

0 Karma
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...