I need to define Remote login from different locations within 1 hour, but my vpn log doesn't have information concerning the country, it just shows the IP. How can I do that?
Just use the built-in iplocation command:
Your Base Search Here (assuming field named "clientip") | iplocation clientip | stats count values(clientip) BY City Country
Thanks,for most of the field it turned back nothing in country, should I update the iplocation in splunk, I found
Thanks, should I update the iplocation in splunk, I found