Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Issues with geo_countries lookup

lgsh
New Member
‎02-05-2025 04:53 AM

I'm using this built-in lookup to determine the Country for gps coordinates as follows:

 

| lookup geo_countries latitude, longitude output featureId as Country

 

The issue is that this lookup doesn't anything for some coordinates.

Some examples:

 

40.711157112847644,-74.01527355439009
40.8293703,-73.9709533
22.2866493,114.195508
-33.84808469677436,151.28320075054089
-38.0159081,-57.5320673

| makeresults
| eval latitude="40.711157112847644"
| eval longitude="-74.01527355439009"
| lookup geo_countries latitude, longitude output featureId as Country

 

Google Maps is capable to find an approx location for above coordinates.

Can anybody provide some guidance please.

Many Thanks.

 

 

 

 

Labels (2)
0 Karma
Reply

tej57
Contributor
3 weeks ago

Hey @lgsh,

Was this solved? If not, following is the reason for the behavior you are facing.

geo_countries lookup does not have any field named latitude or longitude if you are using the built-in lookup. Following are the fields in the lookup table:

tej57_0-1750772618173.png

 

You'll need to extract the latitude and longitude fields from the geom field and use mvexpand to list record for all the coordinates for the same country as a separate event. You'll then be able to match the latitude and longitude fields from the events with those of the lookup and populate the Country.

Hope this helps with your use case.

Thanks,
Tejas.

 

---
If the solution helps, an upvote is appreciated..!!

Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...