Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

iplocation command not returning lat/lon fields (with allfields=true)

adewinter
Explorer
‎10-23-2013 08:15 AM

As in subject, I run the following command:

MY_SEARCH | iplocation allfields=true clientip | table lat lon

And the table is empty.

I have verified that clientip does contain values, and that other fields like "City", "City1" and "City2" contain values.

I've also found that the prefix=some_prefix_ option for the "iplocation" command does not work either.

Am I doing something wrong?

0 Karma
Reply

moizmmz
Path Finder
‎12-13-2018 01:31 PM

I read in another answer that if the ip addresses are private, the command won't work. (quite obvious now that I think about it)

0 Karma
Reply

SuganyaSSF
Explorer
‎04-07-2017 05:09 AM

Hi ,

I am facing the similar and the above solution doesn't seem to work , do we have any way to get the location details based on the ip address in splunk

0 Karma
Reply

Lazarix
Communicator
‎11-14-2014 02:21 AM

The right way to use this command is like:

|table c_ip | stats count by c_ip | iplocation c_ip

You can then visualise this on a map like:

|table c_ip | stats count by c_ip | iplocation c_ip | geostats latfield=lat longfield=lon sum(count) as count by c_ip globallimit=0
Reply

jdanucalov1
New Member
‎08-03-2018 11:27 AM

Doesn't work. As the poster mentioned the lat/lon fields aren't being produced at all by iplocation. I'm experiencing the same issue.

0 Karma
Reply

krish3
Contributor
‎02-12-2014 01:49 PM

I have same problem did u get anything that fixed this issue?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
li.common.scroll-to.top