Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Are there addons for Splunk geolocating devices?

jip31
Motivator
‎09-29-2022 08:44 AM

Hello

I have basic questions about hte way to geolocate devices with Splunk

Is an addon exists?

If not, is it possible to correlate a tool like NetDB with Splunk using DB Connect?

https://web.stanford.edu/group/networking/netdb/help/prod/netdb.html

If yes, what are the prerequesites for doing this?

Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-29-2022 09:51 AM

I don't see an app on splunkbase, but that doesn't mean you can't use the NetDB API to create one.

If there's a JDBC driver for NetDB then you may be able to use DB Connect.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

andrew_nelson
Communicator
‎09-29-2022 09:41 AM

For public IP address space, Splunk comes with an | iplocation function with data accurate as of the Splunk package being published.
iplocation - Splunk Documentation

The documentation comes with info on how to update the database. 

0 Karma
Reply

jip31
Motivator
‎09-29-2022 10:24 PM

OK but it will do no work for me because it's not public adress but internal adress

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...