Hi guys, i am learning splunk , and working my way through Workflow action, i have a dataset which has a clientip field with over 100+ unique IP address
I am trying to get their GEO location of each IP, can i do that via Workflow action? or i have to do it via LOOKUP?
Can you please show me how to do it?
Assuming the IP addresses are all internet routable and not private addresses this should work fine:
... | iplocation clientip | geostats count by Country
If you want additional fields that iplocation doesnt provide, you can dig into some geospatial lookups:
https://docs.splunk.com/Documentation/Splunk/6.4.2/Knowledge/Configuregeospatiallookups
So I achieve this using LOOKUP or via workflow action?
Attach the given string to the end of your existing search. That is it.