Hopefully I have this in the correct location; I'm still new to all of this.
Anyway, we have a subscription to MaxMind databases (Connection-Type, Domain, and ISP databases) and I would like to implement them, but I don't know how. I don't know where to store the DBs, how to link them together (if they need to be linked), and how to add them so that I can utilize them in searches.
I'm fairly new to Splunk, so feel free to treat me like someone who doesn't know anything.
to4kawa, while I appreciate the assistance, that is already information I have. I'm able to replace/update the Geolocation data, but there are 3 other databases' worth of information that are not Geolocation data. Since they are, collectively, 4 independent databases, I'm trying to figure out how to implement them in Splunk, as I believe the other 3 require the ID field in the City database in order to correlate information within the individual databases.