Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Issues with geo_countries lookup

lgsh
New Member
‎02-05-2025 04:53 AM

I'm using this built-in lookup to determine the Country for gps coordinates as follows:

 

| lookup geo_countries latitude, longitude output featureId as Country

 

The issue is that this lookup doesn't anything for some coordinates.

Some examples:

 

40.711157112847644,-74.01527355439009
40.8293703,-73.9709533
22.2866493,114.195508
-33.84808469677436,151.28320075054089
-38.0159081,-57.5320673

| makeresults
| eval latitude="40.711157112847644"
| eval longitude="-74.01527355439009"
| lookup geo_countries latitude, longitude output featureId as Country

 

Google Maps is capable to find an approx location for above coordinates.

Can anybody provide some guidance please.

Many Thanks.

 

 

 

 

Labels (2)
0 Karma
Reply

tej57
Builder
‎06-24-2025 06:45 AM

Hey @lgsh,

Was this solved? If not, following is the reason for the behavior you are facing.

geo_countries lookup does not have any field named latitude or longitude if you are using the built-in lookup. Following are the fields in the lookup table:

tej57_0-1750772618173.png

 

You'll need to extract the latitude and longitude fields from the geom field and use mvexpand to list record for all the coordinates for the same country as a separate event. You'll then be able to match the latitude and longitude fields from the events with those of the lookup and populate the Country.

Hope this helps with your use case.

Thanks,
Tejas.

 

---
If the solution helps, an upvote is appreciated..!!

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...