Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

When will Splunk upgrade iplocation database?

cahuang
New Member
‎01-16-2017 11:51 PM

Hi Splunk,

Which Iplocation database does Splunk use? Is it Maxmind? We find that the iplocation database which we are using is not the latest one. Does splunk team have any plan to upgrade? Or can our team upgrade on our own?

Thanks!

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-17-2017 05:32 AM

Yes, Splunk uses the Maxmind iplocation database. The database is supposed to be updated with every new release of Splunk. Of course, that could mean waiting months for a location correction.

It is possible to update the database yourself. If you do that, however, Splunk will complain about an invalid file. If you can live with that, then check out https://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command.html.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

dgoodwin1
New Member
‎03-16-2017 01:32 PM

My last loc db update came with patching to 6.3.8. I notice I am no longer getting city name back on a lot of IP addresses so I tried the latest Maxmind db free dl. That new file seems to not work at all with 6.3.8. No results from iplocation not even country. I revert to the old version and I am back in business. Anyone know whats going on?
,I just tried pulling down the latest version from Maxmind and after updating iplocation no longer pulls back any data. Switching back to the old version of the db gets me working again. There is a note on the Maxmind dl page that they updated the format of the file. Is it possible my installation can not longer read the mmdb format? My last update came with patching to
6.3.8.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-17-2017 05:32 AM

Yes, Splunk uses the Maxmind iplocation database. The database is supposed to be updated with every new release of Splunk. Of course, that could mean waiting months for a location correction.

It is possible to update the database yourself. If you do that, however, Splunk will complain about an invalid file. If you can live with that, then check out https://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command.html.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

cahuang
New Member
‎01-19-2017 08:47 PM

Thanks. could you let me know when is next release? Generally when is your release date? Is it in regular plan?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎01-20-2017 05:11 AM

I'm not a Splunker so I don't have access to the release schedule, but observation shows new version tend to come out every two months or so.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...