Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: iplocation.py file missing from $SPLUNK_HOME/e...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rahulkumarfgf
Explorer
02-27-2020
07:26 AM
Hello Eveyone,
I am trying to use iplocation command to search for ip address info within my network. My search is as below:
eventtype=wineventlog_security
| iplocation src_ip prefix=srcip_
| table src_ip, City, Country
I am getting the IP list with other columns blank. I did some research and found iplocation.py is not present in the above directory. I do have GeoLite2-City.mmdb and iso3166 files in "$SPLUNK_HOME/share/" directory. I am wondering if the missing .py file is the reason for my issue. If so, how can I resolve it?
Any help would be much appreciated. Thank You!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sumanssah
Communicator
02-27-2020
08:26 AM
Just to apprise iplocation command will not work with the internal/intranet environment (unless you have not specified your internal IP geo-location explicitly in Splunk.
Try with external/internet address/host
Example
| makeresults
| eval src_ip="8.8.8.8"
| iplocation src_ip prefix=srcip_
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sumanssah
Communicator
02-27-2020
08:26 AM
Just to apprise iplocation command will not work with the internal/intranet environment (unless you have not specified your internal IP geo-location explicitly in Splunk.
Try with external/internet address/host
Example
| makeresults
| eval src_ip="8.8.8.8"
| iplocation src_ip prefix=srcip_
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rahulkumarfgf
Explorer
02-27-2020
08:31 AM
Thank you @sumanssah !
That helped. Will try and add the IP's and check if that works. Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sumanssah
Communicator
02-27-2020
08:33 AM
you're welcome 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rahulkumarfgf
Explorer
02-27-2020
08:42 AM
I would like to know if iplocation.py file has been deprecated with the newer version since I was looking at this link
https://answers.splunk.com/answers/37249/specifying-field-w-iplocation.html
and thought it would be helpful to look at the code and make some changes as per requirement. However, I am not able to find the file.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rahulkumarfgf
Explorer
02-27-2020
08:21 AM
Update: I was on version 8.0.1 and upgraded it to 8.0.2, however, still can't find iplocation.py file.
Get Updates on the Splunk Community!
.conf25 Registration is OPEN!
Ready. Set. Splunk!
Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Detecting Cross-Channel Fraud with Splunk
This article is the final installment in our three-part series exploring fraud detection techniques using ...
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
