Getting Data In

Is it possible to automatically run iplocation on a client ip for a given sourcetype?

Path Finder

I want to run iplocation client_ip for a given sourcetype automatically. For example if i run
I dont want to run the command iplocation.

I would like to automatically look it up for this sourcetype.


index= sourcetype=authentication-logs
| iplocation client_ip

Does anyone know how I can achieve this?

0 Karma
Highlighted

Re: Is it possible to automatically run iplocation on a client ip for a given sourcetype?

Esteemed Legend

You would have to first convert/port the existing iplocation.py command into a scripted lookup and then make that an automatic lookup. Start here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups

View solution in original post

Highlighted

Re: Is it possible to automatically run iplocation on a client ip for a given sourcetype?

Splunk Employee
Splunk Employee

@theeansible - Did the answer provided by woodcock help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma