iplocation command not returning lat/lon fields (w...

adewinter · ‎10-23-2013

As in subject, I run the following command:

MY_SEARCH | iplocation allfields=true clientip | table lat lon

And the table is empty.

I have verified that clientip does contain values, and that other fields like "City", "City1" and "City2" contain values.

I've also found that the prefix=some_prefix_ option for the "iplocation" command does not work either.

Am I doing something wrong?

moizmmz · ‎12-13-2018

I read in another answer that if the ip addresses are private, the command won't work. (quite obvious now that I think about it)

SuganyaSSF · ‎04-07-2017

Hi ,

I am facing the similar and the above solution doesn't seem to work , do we have any way to get the location details based on the ip address in splunk

Lazarix · ‎11-14-2014

The right way to use this command is like:

|table c_ip | stats count by c_ip | iplocation c_ip

You can then visualise this on a map like:

|table c_ip | stats count by c_ip | iplocation c_ip | geostats latfield=lat longfield=lon sum(count) as count by c_ip globallimit=0

jdanucalov1 · ‎08-03-2018

Doesn't work. As the poster mentioned the lat/lon fields aren't being produced at all by iplocation. I'm experiencing the same issue.

krish3 · ‎02-12-2014

I have same problem did u get anything that fixed this issue?

iplocation command not returning lat/lon fields (with allfields=true)

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

iplocation command not returning lat/lon fields (with allfields=true)

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25