Archive

Can you show me how to setup IP GEO lookup workflow action

Engager

Hi guys, i am learning splunk , and working my way through Workflow action, i have a dataset which has a clientip field with over 100+ unique IP address

I am trying to get their GEO location of each IP, can i do that via Workflow action? or i have to do it via LOOKUP?

Can you please show me how to do it?

Tags (2)
0 Karma

SplunkTrust
SplunkTrust

Assuming the IP addresses are all internet routable and not private addresses this should work fine:

... | iplocation clientip | geostats count by Country

If you want additional fields that iplocation doesnt provide, you can dig into some geospatial lookups:

https://docs.splunk.com/Documentation/Splunk/6.4.2/Knowledge/Configuregeospatiallookups

Engager

So I achieve this using LOOKUP or via workflow action?

0 Karma

Esteemed Legend

Attach the given string to the end of your existing search. That is it.