Intranet Environment,
Device : Cisco ASA
How to use the India map in the dashboard instead of the world map, and how to use custom IP subnet mapping to location?
For example:
I want the 1.1.1.0/24 subnet to be mapped to Bangalore and the 15.0.0.0/24 subnet to be mapped to Delhi.
Source_type : cisco:asa
Index : asa_db
You could use eval to create a new ip field and then use that instead:
index=asa_db sourcetype=cisco:asa
| eval ip=case(cidrmatch("1.1.1.0/24",src_ip),"14.96.40.25",cidrmatch("15.0.0.0/24",src_ip),"14.141.241.1",true(),src_ip)
| iplocation ip
| geostats count by city
This eval is using cidrmatch to match the two cidr you gave and changing them to a known TATA communications IP address, which will then map to Bangalore or Delhi. If the regex doesn't match then it leaves ip equal to the src_ip.
The search assumes the field you want to use for the eval is called src_ip, but it might be different in your data.
To find public IPs in each location I just googled "ip addresses Bangalore" and found a website that said which IPs were in Bangalore.
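An added example, not part of the original answer: a variant that skips iplocation and maps each internal subnet straight to a city and coordinates, which geostats can plot through its latfield and longfield options. The four src_ip values are constructed sample data generated with makeresults, and the latitude/longitude pairs are approximate city centres for Bangalore and Delhi; in a real search, replace the first three lines with `index=asa_db sourcetype=cisco:asa`.

```spl
| makeresults count=4
| streamstats count AS n
| eval src_ip=case(n=1,"1.1.1.10", n=2,"1.1.1.200", n=3,"15.0.0.7", n=4,"8.8.8.8")
| eval city=case(cidrmatch("1.1.1.0/24",src_ip),"Bangalore", cidrmatch("15.0.0.0/24",src_ip),"Delhi")
| eval lat=case(city="Bangalore",12.9716, city="Delhi",28.6139)
| eval lon=case(city="Bangalore",77.5946, city="Delhi",77.2090)
| where isnotnull(city)
| geostats latfield=lat longfield=lon count by city
```

The constructed 8.8.8.8 event matches neither subnet, so city is null and the where clause drops it before plotting.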
What is eval? How can I use it in search?
To make it start with India as the default map, edit the visualization and modify the "initial coordinates" to be the latitude and longitude of central India.