Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use iplocation to search for instances of a specific city or region?

mgp173455
Loves-to-Learn
‎07-08-2020 12:21 PM

Hello, 

I am trying to use iplocation to search for instances of a specific city or region for example: 

* iplocation ipaddress Region="region"

Instead of returning that specific region it will return all regions. Can anyone tell me if this is a bug or am I missing something? 

Thanks 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2020 01:44 PM

The iplocation command does not have a region option.

iplocation [prefix=<string>] [allfields=<bool>] [lang=<string>] <ip-address-fieldname>

See https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Iplocation 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

mgp173455
Loves-to-Learn
‎07-08-2020 02:14 PM

2DA9842C-92D5-4E27-B93D-4E3BD694D3B9.png

Hi thank you for your reply! 

Ahh I see. From my understanding  the documentation displays a region field with a prefix iploc_ to help distinguish from other fields that might already be present with the same name. 

In my case I don’t have a previous region field so I don’t use the prefix query. Could you provide more insight as to why a prefixed field might be displayed if not supported? (i.e. I have tried doing this with iploc_Region as well) 

 

Any help is much appreciated!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2020 05:08 PM
Region/iploc_region are *output* fields, not input fields. They're part of the results, not part of the command.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...