Splunk Dev

How to change "(unknown location)" ?

roshan_f
New Member

Hi Guys
final numbers called: 00442........ (unknown location)
How will I change (unknown location) to United Kingdom ?

Regards

Tags (1)
0 Karma

nickhills
Ultra Champion

Download the global location lookup file from here:
https://github.com/nickhills81/telephonyToolbox/blob/master/lookups/global-loc.csv

From the UI, goto Lookups - Lookup table files
Add new, choose file. I suggest you keep the filename the same
-or copy the lookup file to yourApp/lookups (you may need to create that folder if you have no existing lookups)

From the UI, goto Lookups - Lookup definitions
Add a file-based lookup definition using global-loc.csv

You will now be able to perform lookups like so:

somesearch|lookup global-loc countryCode as yourcountryCode areaCode as yourareaCode OUTPUTNEW countryName,areaName,cCity,lat,lon,iso2|table yourcountryCode yourareaCode  countryName,areaName,cCity,lat,lon,iso2

Which should give you a table like so:
alt text

If my comment helps, please give it a thumbs up!

nickhills
Ultra Champion

just a note on the cCity field...
This is a lookup file i have compiled over time. For some countries (UK,US and a few others) the coordinates are based on the area code. However in cases where i have not found a decent position information for the area (or its too small) the lat and long relates to the Capital City. Good for pub quiz trivia too!

If my comment helps, please give it a thumbs up!
0 Karma

nickhills
Ultra Champion

I noticed that there were a few obvious errors in the csv - apologies. I have corrected and reuploaded

If my comment helps, please give it a thumbs up!
0 Karma

roshan_f
New Member

Thank you Nick
Totally appreciate your help

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

So... you're splunking phone data and are trying to look up country code to country?

0 Karma

nickhills
Ultra Champion

I have written a load of scripts which do this.

However, if your only worried about UK only (or a very small set of international numbers) you can probably do some simple |eval location=if(prefix="0044","UK","Unknown") type stuff.

But if you want to catch any country code you are going to be better off with lookup tables, or some lookup scripts which do the heavy lifting.

If my comment helps, please give it a thumbs up!
0 Karma

roshan_f
New Member

Thank you , Sound Good to me
Where is teh lookup tables ?
Regards

0 Karma

nickhills
Ultra Champion

let me upload it somewhere

If my comment helps, please give it a thumbs up!
0 Karma

roshan_f
New Member

Thank you Nick
Manged to find it
Appreciate you assisting and pointing me toward the correct direction

0 Karma

roshan_f
New Member

Sorry i did the changes but do not see it reflected while i generated my reports
Do i need to Stop and Start any service

Regards

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...