Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you show me how to setup IP GEO lookup workflow action

thakarpratik
Engager
‎08-10-2016 11:00 AM

Hi guys, i am learning splunk , and working my way through Workflow action, i have a dataset which has a clientip field with over 100+ unique IP address

I am trying to get their GEO location of each IP, can i do that via Workflow action? or i have to do it via LOOKUP?

Can you please show me how to do it?

Tags (2)
0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-10-2016 12:04 PM

Assuming the IP addresses are all internet routable and not private addresses this should work fine:

... | iplocation clientip | geostats count by Country

If you want additional fields that iplocation doesnt provide, you can dig into some geospatial lookups:

https://docs.splunk.com/Documentation/Splunk/6.4.2/Knowledge/Configuregeospatiallookups

Reply

thakarpratik
Engager
‎08-10-2016 12:13 PM

So I achieve this using LOOKUP or via workflow action?

0 Karma
Reply

woodcock
Esteemed Legend
‎08-12-2016 12:03 PM

Attach the given string to the end of your existing search. That is it.

Reply
Get Updates on the Splunk Community!

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...