Getting Data In

Is it possible to automatically run iplocation on a client ip for a given sourcetype?

Path Finder

I want to run iplocation client_ip for a given sourcetype automatically. For example if i run
I dont want to run the command iplocation.

I would like to automatically look it up for this sourcetype.


index= sourcetype=authentication-logs
| iplocation client_ip

Does anyone know how I can achieve this?

0 Karma
1 Solution

Esteemed Legend

You would have to first convert/port the existing iplocation.py command into a scripted lookup and then make that an automatic lookup. Start here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups

View solution in original post

Splunk Employee
Splunk Employee

@theeansible - Did the answer provided by woodcock help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma

Esteemed Legend

You would have to first convert/port the existing iplocation.py command into a scripted lookup and then make that an automatic lookup. Start here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Knowledge/Configureexternallookups

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!