I need to create a report the will summary the countries that our users connected our network from.
Using the "iplocation" command I got a results, but for sure I can say that I know about an employee connected from a country in Europe but in the logs it appears that he connected from a country in the middle east.
Is there more accurate option to make sure I will present the correct information?
the problem isn't how much accurate is the option, it depends on the table used to correlate IP addresses and coordinates (lat and long).
If you want there are some more datailed tables than the ones in Splunk (paying!).
Anyway the problem probably isn't in the table but in the location of the Internet accesses of your organization: maybe a paople is in a site (Middle East) but the access point in in another site (Europe).