I am on splunk cloud and have been using this functionality which is pretty useful to determine what timezone our users are in. It just seems to have stopped since last Tuesday we just got our environment upgraded to Version:8.2.2203.4
it is returning the fields for timezone and metro but no data
Any ideas ? (where x.x.x.x = ip address)
| makeresults 1
| eval src_ip = "x.x.x.x"
| iplocation src_ip allfields=true
| transpose
gives
column | row 1 |
City | Houston |
Continent | North America |
Country | United States |
MetroCode | |
Region | Texas |
Timezone | |
_time | 1663100176 |
lat | 29.7604 |
lon | -95.3698 |
src_ip | x.x.x.x |
I've raised a case but interested if anyone else has experienced this
Ok I fixed it by updating a new version of the GeoLite2-City database - don't appreciate it stop working in an upgrade though! I had a job reliant on that process
Ok I fixed it by updating a new version of the GeoLite2-City database - don't appreciate it stop working in an upgrade though! I had a job reliant on that process