Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display multiple field ips using geostats

rakeshyv0807
Explorer
‎03-14-2018 02:28 PM

Hi,

I have three fields which outputs Ip addresses. is there a way to display all these three field IP addresses on the map using geostats. Or is there any other way to populate those IP's on the map.

Thanks in advance

Tags (1)
0 Karma
Reply

tiagofbmm
Influencer
‎03-14-2018 03:20 PM

Hi

Use the append function to achieve that:

| makeresults 
| eval oneIP="192.123.123.12" 
| iplocation ADAS 
| append
 [| makeresults 
| eval otherIP="192.223.123.12" 
| iplocation otherIP]
0 Karma
Reply

niketn
Legend
‎03-14-2018 02:53 PM

@rakeshyv0807 can you add some sample data with three IP address fields and their values? Would these exist on same event and if yes will all three of them always be present on all the events?

Please make sure while posting the sample data you mock/anonymize the data.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

rakeshyv0807
Explorer
‎03-15-2018 08:02 AM

@niketnilay Yes, it's possible that all the three IP's would exist on same event but it is not necessary that all three will be present always in every event. Please refer to the sample data below
This sample data is which I am displaying in a table format right now:
Subject --> username
XFF -> IP address
TCIP -> IP address
XMSFCIP -> IP address

Table:

Subject--------------------------------- XFF------------------TCIP---------------------XMSFCIP
abc@abc.com---------------xx.xxx.xx.xxx----------No Value-------------xx.xxx.xx.xxx
qwe@wer.com-------------xx.xxx.xxx.xx--------xx.xxx.xx.xxx----------xx.xxx.xx.xxx
asd@fgh.com--------------xx.xxx.xx.xxx------------No Value---------------No Value
zxc@zxc.com------------------No Value------------xx.xxx.xxx.xx---------xx.xxx.xx.xxx

So is it possible to generate all the ip's in the map using geostats?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top