Solved: Re: Is it possible to automatically run iplocation...

theeansible · ‎02-22-2017

I want to run iplocation client_ip for a given sourcetype automatically. For example if i run
I dont want to run the command iplocation.

I would like to automatically look it up for this sourcetype.

index= sourcetype=authentication-logs | iplocation client_ip

Does anyone know how I can achieve this?

woodcock · ‎02-23-2017

You would have to first convert/port the existing iplocation.py command into a scripted lookup and then make that an automatic lookup. Start here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups

View solution in original post

aaraneta_splunk · ‎04-20-2017

@theeansible - Did the answer provided by woodcock help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

woodcock · ‎02-23-2017

You would have to first convert/port the existing iplocation.py command into a scripted lookup and then make that an automatic lookup. Start here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups

Is it possible to automatically run iplocation on a client ip for a given sourcetype?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)