iplocation command not returning lat/lon fields (w...

adewinter · ‎10-23-2013

As in subject, I run the following command:

MY_SEARCH | iplocation allfields=true clientip | table lat lon

And the table is empty.

I have verified that clientip does contain values, and that other fields like "City", "City1" and "City2" contain values.

I've also found that the prefix=some_prefix_ option for the "iplocation" command does not work either.

Am I doing something wrong?

moizmmz · ‎12-13-2018

I read in another answer that if the ip addresses are private, the command won't work. (quite obvious now that I think about it)

SuganyaSSF · ‎04-07-2017

Hi ,

I am facing the similar and the above solution doesn't seem to work , do we have any way to get the location details based on the ip address in splunk

Lazarix · ‎11-14-2014

The right way to use this command is like:

|table c_ip | stats count by c_ip | iplocation c_ip

You can then visualise this on a map like:

|table c_ip | stats count by c_ip | iplocation c_ip | geostats latfield=lat longfield=lon sum(count) as count by c_ip globallimit=0

jdanucalov1 · ‎08-03-2018

Doesn't work. As the poster mentioned the lat/lon fields aren't being produced at all by iplocation. I'm experiencing the same issue.

krish3 · ‎02-12-2014

I have same problem did u get anything that fixed this issue?

iplocation command not returning lat/lon fields (with allfields=true)

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Are you a member of the Splunk Community?

iplocation command not returning lat/lon fields (with allfields=true)

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...