Splunk Enterprise Security

Identifying events that originate greater than 50 miles from a lon\lat.

bbraun
New Member

Hello,

We have multiple international locations (Japan, Italy, Spain, etc.) and are looking to identify events that occur outside a 50 mile radius from each location using their latitude and longitude. The end goal is to set different thresholds for these sites. I'd imagine I'll need to create a lookup for each location's latitude and longitude for the query to reference.

I'm not exactly sure where to begin and hope you guys can point me in the right direction.

0 Karma

lakshman239
SplunkTrust

Have you looked at the Access Anomalies dashboard, which is available as part of user activity monitoring? Geographically Improbable Accesses - https://docs.splunk.com/Documentation/ES/5.3.0/User/UserRisk#Access_Anomalies

0 Karma

bbraun
New Member

Yeah, I figured I could steal logic from the Correlation Search as a plan B. I was hoping someone had already tackled this issue since I don't have a lot of experience building queries.

0 Karma
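
One way to build the lookup-based radius check asked about in the question, as an added example that is not from any poster in this thread or from Splunk's own content. It computes the great-circle (haversine) distance between each event's geolocated source and its site's coordinates. The index, sourcetype, the `src_ip` and `site` event fields, and the `site_locations.csv` lookup with columns `site`, `site_lat`, `site_lon` and `radius_miles` are all assumptions; `radius_miles` is a hypothetical per-site override that falls back to 50.

```spl
index=auth sourcetype=vpn action=success
| iplocation src_ip
| where isnotnull(lat) AND isnotnull(lon)
| lookup site_locations.csv site OUTPUT site_lat site_lon radius_miles
| where isnotnull(site_lat) AND isnotnull(site_lon)
| eval rlat_site=site_lat*pi()/180, rlat_evt=lat*pi()/180
| eval dlat=(lat-site_lat)*pi()/180, dlon=(lon-site_lon)*pi()/180
| eval a=pow(sin(dlat/2),2) + cos(rlat_site)*cos(rlat_evt)*pow(sin(dlon/2),2)
| eval distance_miles=round(2*3958.8*asin(min(1, sqrt(a))), 1)
| eval allowed_miles=coalesce(radius_miles, 50)
| where distance_miles > allowed_miles
| table _time user src_ip site City Country distance_miles allowed_miles
```

IP geolocation from `iplocation` is approximate, so events that land just past the radius deserve a second look before they are treated as out of area.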
