Solved: Re: splunk maps plotting using IP address

sushmitha_mj · ‎05-12-2015

Can maps be plotted using IP address instead of coordinates?
How can I use the IP address to plot a location in a map?

aljohnson_splun · ‎05-12-2015

As Krish3 mentioned, you're going to want to use iplocation most likely, and after that, geostats, e.g.:

... | iplocation clientip | geostats count by Country

View solution in original post

mporath_splunk · ‎09-28-2015

Above answer is the preferred approach for 6.2 and below.

The new Splunk 6.3 introduced Choropleth Maps as a new visualization type. The new release ships with a geospatial lookup that contains all countries of the world as polygons to show on a map.

Find more information on Choropleth Maps in the Splunk Docs for 6.3.

bworrellZP · ‎05-23-2016

I downvoted this post because did not give an example of how to create a choropleth map based on the original posters question

simon_lavigne · ‎04-03-2016

I downvoted this post because no attempt to answer the original posters question.

aljohnson_splun · ‎05-12-2015

As Krish3 mentioned, you're going to want to use iplocation most likely, and after that, geostats, e.g.:

... | iplocation clientip | geostats count by Country

krish3 · ‎05-12-2015

Yes you can try using iplocation command.

your search query |iplocation IPaddress_fieldname

For more details go through the search reference manual here.

splunk maps plotting using IP address

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases