Does anyone have any experience using the IP Quality Score add-on in Splunk? I've been given very little information on how to actually run searches in the add-on and so far I'm not getting any results.
For instance I'm trying to use the IP Detection commands on our web traffic logs but I'm not getting any results. I just keep getting an error saying:
Exception at "/opt/splunk/etc/apps/TA-ipqualityscore/bin/ipdetection.py", line 127 : There are no events with ip field.
... | ipdetection field=ip // sample usage when ip field contains IP address value
... | rex field=_raw "(?<ip_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | ipdetection field=ip_address // sample usage when you need to extract IP address from raw event
Did you figure anything out with that error? We have the same issue.