Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Tile Maps

leandromatperei
Path Finder
‎03-20-2021 03:55 AM

How can I, from an IP, obtain its location to bring information by region? In the example below I only have the IP column, I need to bring information about the country and region of the same.

 

IP="189.80.213.213",Produto="Chuveiro Ducha Advanced Eletronica Turbo Lorenzetti",Valor="164,00",Categoria=Banho,Campanha="2",Vendeu="1",MetododeCompra="1",Bandeira="1",Transportadora="4",Frete="17,26",Time=2021/01/26 19:06:32.179"

IP="177.184.142.26",Produto="Crepeira Eletrica 4 Cavidades Antiaderente",Valor="99,90",Categoria=Cozinha,Campanha="2",Vendeu="1",MetododeCompra="1",Bandeira="1",Transportadora="1",Frete="10,24",Time=2021/01/26 19:06:31.579"

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎03-20-2021 07:49 AM

Splunk contains 3rd party database in $SPLUNK_HOME/share/. If you don't get data for country/regions for all your IPs. You may need to replace it.
Check this: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Iplocation#Usage

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

manjunathmeti
Champion
‎03-20-2021 05:05 AM

hi @leandromatperei,

Use iplocation command. It returns City, Country, lat, lon, and Region of the IPs.

| makeresults | eval ip="177.184.142.26" | iplocation ip

Check this page for more info: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Iplocation

If this reply helps you, an upvote/like would be appreciated.

 

0 Karma
Reply
Solved! Jump to solution

leandromatperei
Path Finder
‎03-20-2021 05:51 AM

Hi @manjunathmeti,

 
Even using iplocation it does not bring me in many IP's the region and the city. Can you help me?
 
 

 

| makeresults | eval ip="200.223.134.86" | iplocation ip

 


https://tools.keycdn.com/geo?host=200.223.134.86 

0 Karma
Reply
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎03-20-2021 07:49 AM

Splunk contains 3rd party database in $SPLUNK_HOME/share/. If you don't get data for country/regions for all your IPs. You may need to replace it.
Check this: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Iplocation#Usage

 

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...