Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Anyone used the IP Quality Score Add-On?

jhilton90
Path Finder
‎07-26-2022 07:48 AM

Does anyone have any experience using the IP Quality Score add-on in Splunk? I've been given very little information on how to actually run searches in the add-on and so far im not getting any results.

For instance I'm trying to use the IP Detection commands on our web traffic logs but I'm not getting any results. I just keep getting an error saying:

 

Exception at "/opt/splunk/etc/apps/TA-ipqualityscore/bin/ipdetection.py", line 127 : There are no events with ip field.

 

 

Labels (2)
Labels
Tags (2)
Reply

IPQualityScore
New Member
‎09-01-2023 04:10 PM
Hi Everyone -  The error below indicates that the field containing the IP address does not exists in the events. The custom command is looking for a field supplied via "field" attribute to the "ipdetection" command. Please make sure you have the correct "field" value specified.
 
For example:

 

... | ipdetection field=ip // sample usage when ip field contains IP address value
... | rex field=_raw "(?<ip_address>d{1,3}.d{1,3}.d{1,3}.d{1,3})" | ipdetection field=ip_address // sample usage when you need to extract IP address from raw event

 

Additional command options can be found in the documentation https://ta-ipqualityscore.readthedocs.io/en/latest/ipdetection.html
 
Please feel free to reach out if you experience any issues: support@ipqualityscore.com
0 Karma
Reply

jviray
Explorer
2 weeks ago

Even using a field that has defined IP values doesn't work and returned the following error:

"Streamed search execute failed because: Error in 'ipdetection' command: External search command exited unexpectedly with non-zero error code 1.."

This works but you can't pass values to it within a query:

| ipqualityscore field="IP Address" value="8.8.8.8"

0 Karma
Reply

bcsfullsail
Engager
‎12-16-2022 01:00 PM

Did you figure anything out with that error?  We have the same issue.

0 Karma
Reply

jhilton90
Path Finder
‎12-19-2022 08:08 AM

What data are you working with?

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...