Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use iplocation to search for instances of a specific city or region?

mgp173455
Loves-to-Learn
‎07-08-2020 12:21 PM

Hello, 

I am trying to use iplocation to search for instances of a specific city or region for example: 

* iplocation ipaddress Region="region"

Instead of returning that specific region it will return all regions. Can anyone tell me if this is a bug or am I missing something? 

Thanks 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2020 01:44 PM

The iplocation command does not have a region option.

iplocation [prefix=<string>] [allfields=<bool>] [lang=<string>] <ip-address-fieldname>

See https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Iplocation 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

mgp173455
Loves-to-Learn
‎07-08-2020 02:14 PM

2DA9842C-92D5-4E27-B93D-4E3BD694D3B9.png

Hi thank you for your reply! 

Ahh I see. From my understanding  the documentation displays a region field with a prefix iploc_ to help distinguish from other fields that might already be present with the same name. 

In my case I don’t have a previous region field so I don’t use the prefix query. Could you provide more insight as to why a prefixed field might be displayed if not supported? (i.e. I have tried doing this with iploc_Region as well) 

 

Any help is much appreciated!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2020 05:08 PM
Region/iploc_region are *output* fields, not input fields. They're part of the results, not part of the command.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...