Splunk Enterprise Security

Use Maps in Enterprise Security

gcusello
SplunkTrust
SplunkTrust

Hi at all,

I'm configuring Enterprise Security but I found an unattended issue:

I'm trying to use the Maps feature associated to a Source in "Incident Review" dashboard.

In details:

  • I have some Notebles,
  • much of them contain an IP external to the customer and I'd like to visualize the geographic origin of this IP, using the Maps feature associated to the Additional Fields contained in Notable details,
  • but when I click on the mouse right button and I choose the "map <IP address> option, it opens Google Maps but always at the same coordinates that aren't the ones I'm searching.

Must I configure something to have this feature or did someone else experience the same issue?

Thank you for your attention.

Ciao.

Giuseppe

Labels (1)
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi at all,

Splunk Support hinted to me to add the iplocation command to each Correlation Search containing a public IP, in this way the map feature correctly works.

I added this feature also to Splunk Ideas (https://ideas.splunk.com/ideas/ESSID-I-283), if someone is interested, please vote it.

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi at all,

Splunk Support hinted to me to add the iplocation command to each Correlation Search containing a public IP, in this way the map feature correctly works.

I added this feature also to Splunk Ideas (https://ideas.splunk.com/ideas/ESSID-I-283), if someone is interested, please vote it.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco &#43; Splunk! We’ve ...