Getting Data In

Is it possible to automatically run iplocation on a client ip for a given sourcetype?

theeansible
Path Finder

I want to run iplocation client_ip for a given sourcetype automatically. For example if i run
I dont want to run the command iplocation.

I would like to automatically look it up for this sourcetype.


index= sourcetype=authentication-logs
| iplocation client_ip

Does anyone know how I can achieve this?

0 Karma
1 Solution

woodcock
Esteemed Legend

You would have to first convert/port the existing iplocation.py command into a scripted lookup and then make that an automatic lookup. Start here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups

View solution in original post

aaraneta_splunk
Splunk Employee
Splunk Employee

@theeansible - Did the answer provided by woodcock help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma

woodcock
Esteemed Legend

You would have to first convert/port the existing iplocation.py command into a scripted lookup and then make that an automatic lookup. Start here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups

Get Updates on the Splunk Community!

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...