Integrating Paid GeoIp2-Enterprise database into S...

jngo · ‎04-14-2023

Hello Splunkers,

I configured Splunk to read the paid GeoIP2 Enterprise database by adding the [iplocation] stanza to the limits.conf for Search App and Indexer. "db_path = /Path/to/database/GeoIP2-Enterprise.mmdb"

I also went in Splunk Web and uploaded the mmdb file in Settings>lookups>GeoIP lookups file.

After a quick Splunk restart, Splunk is still using the free geoip database that came preinstalled with SPlunk.

Anyone successfully integrated the Maxmind GeoIP2 Enterprise database with Splunk Enterprise v9? Additionally, can I use the iplocation command to parse out the new fields from the GeoIP2-Enterprise database such as connection_type, user_type, country_confidence, etc.

Thank you!

_olivier_ · ‎02-07-2025

Hi @jngo ,

I got exactly the same problem.

Have you found a solution to this situation ?

Thanks, Olivier

reincoder · ‎04-16-2023

If you would like, you can take a look at IPinfo's app for IP geolocation data: https://splunkbase.splunk.com/app/4070

The IP geolocation data integration process is fairly straightforward with it.

Integrating Paid GeoIp2-Enterprise database into Splunk Enterprise V9

configuration

using Splunk Enterprise

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

Are you a member of the Splunk Community?