iplocation command not returning lat/lon fields (with allfields=true)
As in subject, I run the following command:
MY_SEARCH | iplocation allfields=true clientip | table lat lon
And the table is empty.
I have verified that clientip does contain values, and that other fields like "City", "City1" and "City2" contain values.
I've also found that the prefix=some_prefix_ option for the "iplocation" command does not work either.
Am I doing something wrong?
I read in another answer that if the IP addresses are private, the command won't work. (quite obvious now that I think about it)
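
A diagnostic search for the private-address case mentioned above, added here as an example and not part of the original thread. It tags each address as private or public with `cidrmatch` before running `iplocation`, so rows with no `lat`/`lon` can be matched against their address range. The sample addresses are constructed, and the `ip_scope` and `geo_status` field names are assumptions chosen for illustration.

```spl
| makeresults
| eval clientip=split("10.1.2.3,172.16.9.1,192.168.0.5,127.0.0.1,8.8.8.8", ",")
| mvexpand clientip
| eval ip_scope=case(
    cidrmatch("10.0.0.0/8", clientip), "private (RFC 1918)",
    cidrmatch("172.16.0.0/12", clientip), "private (RFC 1918)",
    cidrmatch("192.168.0.0/16", clientip), "private (RFC 1918)",
    cidrmatch("127.0.0.0/8", clientip), "loopback",
    true(), "public")
| iplocation allfields=true clientip
| eval geo_status=if(isnull(lat) OR lat=="", "no lat/lon returned", "ok")
| table clientip ip_scope City Country lat lon geo_status
```

To check real data, replace the first three lines with the base search and keep the pipeline from the `eval ip_scope` step onward.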
Hi,
I am facing a similar issue and the above solution doesn't seem to work. Do we have any way to get the location details based on the IP address in Splunk?
The right way to use this command is like:
|table c_ip | stats count by c_ip | iplocation c_ip
You can then visualise this on a map like:
|table c_ip | stats count by c_ip | iplocation c_ip | geostats latfield=lat longfield=lon sum(count) as count by c_ip globallimit=0
Doesn't work. As the poster mentioned the lat/lon fields aren't being produced at all by iplocation. I'm experiencing the same issue.
I have the same problem. Did you get anything that fixed this issue?
