Splunk Cloud Platform

Anyone used the IP Quality Score Add-On?

jhilton90
Path Finder

Does anyone have any experience using the IP Quality Score add-on in Splunk? I've been given very little information on how to actually run searches in the add-on and so far I'm not getting any results.

For instance I'm trying to use the IP Detection commands on our web traffic logs but I'm not getting any results. I just keep getting an error saying:

 

Exception at "/opt/splunk/etc/apps/TA-ipqualityscore/bin/ipdetection.py", line 127 : There are no events with ip field.

 

 


IPQualityScore
New Member
Hi Everyone - The error below indicates that the field containing the IP address does not exist in the events. The custom command is looking for a field supplied via the "field" attribute to the "ipdetection" command. Please make sure you have the correct "field" value specified.
 
For example:

 

... | ipdetection field=ip // sample usage when ip field contains IP address value
... | rex field=_raw "(?<ip_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | ipdetection field=ip_address // sample usage when you need to extract IP address from raw event

 

Additional command options can be found in the documentation https://ta-ipqualityscore.readthedocs.io/en/latest/ipdetection.html
 
Please feel free to reach out if you experience any issues: support@ipqualityscore.com
0 Karma
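The failure and the fix described in the reply above, as an added example that is not part of the thread and not the add-on's own code: a simplified Python model of a command that requires a named field on the events, plus the rex-style extraction from `_raw`. The function names, the sample events and the octet validation are assumptions made for illustration.

```python
import ipaddress
import re

# The reply's rex pattern, with digit boundaries added so a longer digit run is not split.
IPV4_CANDIDATE = re.compile(r"(?<!\d)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?!\d)")

# Constructed sample events: the address exists only inside _raw, as in unparsed web logs.
SAMPLE_EVENTS = [
    {"_raw": '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512'},
    {"_raw": '198.51.100.23 - - [10/Jan/2024:10:00:02 +0000] "POST /cart HTTP/1.1" 302 0'},
    {"_raw": "healthcheck ok build=999.999.999.999"},
]

def extract_ip(raw):
    """Return the first syntactically valid IPv4 address in a raw event, or None."""
    for candidate in IPV4_CANDIDATE.findall(raw):
        try:
            return str(ipaddress.IPv4Address(candidate))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.999.999.999 matches the pattern but is not an address
    return None

def add_ip_field(events, field="ip_address"):
    """Model of the rex step: copy each event and set `field` when _raw holds an IP."""
    enriched = []
    for event in events:
        event = dict(event)
        ip = extract_ip(event.get("_raw", ""))
        if ip is not None:
            event[field] = ip
        enriched.append(event)
    return enriched

def preflight(events, field):
    """Hypothetical check: return (events with field, events without), or fail if none have it."""
    have = sum(1 for event in events if event.get(field))
    if have == 0:
        raise ValueError(f"There are no events with {field} field.")
    return have, len(events) - have

if __name__ == "__main__":
    try:
        preflight(SAMPLE_EVENTS, "ip")  # field was never extracted
    except ValueError as err:
        print("before extraction:", err)
    print("after extraction:", preflight(add_ip_field(SAMPLE_EVENTS), "ip_address"))
```
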

bcsfullsail
Engager

Did you figure anything out with that error?  We have the same issue.

0 Karma

jhilton90
Path Finder

What data are you working with?

0 Karma