Splunk Enterprise

Splunk Tile Maps

leandromatperei
Path Finder

How can I, from an IP, obtain its location to bring information by region? In the example below I only have the IP column; I need to bring the country and region information for it.


IP="189.80.213.213",Produto="Chuveiro Ducha Advanced Eletronica Turbo Lorenzetti",Valor="164,00",Categoria=Banho,Campanha="2",Vendeu="1",MetododeCompra="1",Bandeira="1",Transportadora="4",Frete="17,26",Time=2021/01/26 19:06:32.179"

IP="177.184.142.26",Produto="Crepeira Eletrica 4 Cavidades Antiaderente",Valor="99,90",Categoria=Cozinha,Campanha="2",Vendeu="1",MetododeCompra="1",Bandeira="1",Transportadora="1",Frete="10,24",Time=2021/01/26 19:06:31.579"


manjunathmeti
SplunkTrust

hi @leandromatperei,

Use the iplocation command. It returns City, Country, lat, lon, and Region for the IPs.

| makeresults | eval ip="177.184.142.26" | iplocation ip

Check this page for more info: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Iplocation

If this reply helps you, an upvote/like would be appreciated.


leandromatperei
Path Finder

Hi @manjunathmeti,


Even using iplocation, for many IPs it does not bring me the region and the city. Can you help me?


| makeresults | eval ip="200.223.134.86" | iplocation ip


https://tools.keycdn.com/geo?host=200.223.134.86


manjunathmeti
SplunkTrust

Splunk contains a 3rd-party database in $SPLUNK_HOME/share/. If you don't get data for country/regions for all your IPs, you may need to replace it.
Check this: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Iplocation#Usage
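As an added example that is not part of this thread, the search below runs iplocation over the posted sales events and then measures how much of the traffic the bundled geo database actually resolves to region and city level, which is the check to run before deciding whether the database needs replacing. The index and sourcetype names `vendas` and `vendas_csv` are assumptions; `IP`, `Valor` and `Categoria` are the field names from the posted events, and `Valor` uses a decimal comma, so it is converted before summing.

```spl
index=vendas sourcetype=vendas_csv IP=*
| iplocation IP
| fillnull value="unknown" Country Region City
| eval geo_quality=case(Region!="unknown" AND City!="unknown", "full", Country!="unknown", "country_only", true(), "none")
| eval valor_num=tonumber(replace(Valor, ",", "."))
| stats count AS vendas, dc(IP) AS ips_distintos, sum(valor_num) AS valor_total by geo_quality, Country, Region
| sort - vendas
```

The `geo_quality` column tells you what share of sales (and of distinct IPs) only resolve to a country, or to nothing at all; that share is what the bundled database is missing for your customer base. To put the same data on a map, replace the `stats` line with `geostats latfield=lat longfield=lon count by Categoria`, which produces rows the Cluster Map visualization renders directly. Events in the `country_only` and `none` groups will have coarse or no coordinates, so read the map together with the coverage table rather than on its own.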