I have a Linux Environment and SSH is a thing here. I need to show SSH log in with location. I got the map to work but know I need to figure out how to show the IP's based on two locations based on the first two octets of the IP address schema.
Example:
Texas: 192.168.x.x
California: 172.16.x.x
index=Exampe_index "ssh" sourcetype="Example_audit" "res"=success type=USER_LOGIN hostname=*| iplocation addr | geostats latfield=lat longfield=lon count
Thank you everyone for commenting. I have pre-defined location already based on the first two octets of the IP address schema. I thought there would be a way to identify location in that manner. Example
Log in attempt from user1 from 192.168.x.x means they are coming from Texas
Log in attempt from user2 from 172.168.x.x mean they are coming from California.
Rember this are examples and I totally understand their local IP and geo tagging might not be possible since there internal IP. In this example we know the first two octas indicated California or Texas. The idea is to have a dashboard for Linux users that shows a map of Authentication user taking place based on IP address. There is only two IP address scheme we are dealing with and only two locations in this example each corresponding to the location in the example 192.168.x.x is Texas and 172.168.x.x is California. Hope this helps:) Something like the below image:
