Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: iplocation.py file missing from $SPLUNK_HOME/e...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Eveyone,
I am trying to use iplocation command to search for ip address info within my network. My search is as below:
eventtype=wineventlog_security
| iplocation src_ip prefix=srcip_
| table src_ip, City, Country
I am getting the IP list with other columns blank. I did some research and found iplocation.py is not present in the above directory. I do have GeoLite2-City.mmdb and iso3166 files in "$SPLUNK_HOME/share/" directory. I am wondering if the missing .py file is the reason for my issue. If so, how can I resolve it?
Any help would be much appreciated. Thank You!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to apprise iplocation command will not work with the internal/intranet environment (unless you have not specified your internal IP geo-location explicitly in Splunk.
Try with external/internet address/host
Example
| makeresults
| eval src_ip="8.8.8.8"
| iplocation src_ip prefix=srcip_
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to apprise iplocation command will not work with the internal/intranet environment (unless you have not specified your internal IP geo-location explicitly in Splunk.
Try with external/internet address/host
Example
| makeresults
| eval src_ip="8.8.8.8"
| iplocation src_ip prefix=srcip_
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you @sumanssah !
That helped. Will try and add the IP's and check if that works. Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you're welcome 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to know if iplocation.py file has been deprecated with the newer version since I was looking at this link
https://answers.splunk.com/answers/37249/specifying-field-w-iplocation.html
and thought it would be helpful to look at the code and make some changes as per requirement. However, I am not able to find the file.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Update: I was on version 8.0.1 and upgraded it to 8.0.2, however, still can't find iplocation.py file.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
