- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: iplocation.py file missing from $SPLUNK_HOME/e...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Eveyone,
I am trying to use iplocation command to search for ip address info within my network. My search is as below:
eventtype=wineventlog_security
| iplocation src_ip prefix=srcip_
| table src_ip, City, Country
I am getting the IP list with other columns blank. I did some research and found iplocation.py is not present in the above directory. I do have GeoLite2-City.mmdb and iso3166 files in "$SPLUNK_HOME/share/" directory. I am wondering if the missing .py file is the reason for my issue. If so, how can I resolve it?
Any help would be much appreciated. Thank You!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to apprise iplocation command will not work with the internal/intranet environment (unless you have not specified your internal IP geo-location explicitly in Splunk.
Try with external/internet address/host
Example
| makeresults
| eval src_ip="8.8.8.8"
| iplocation src_ip prefix=srcip_
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to apprise iplocation command will not work with the internal/intranet environment (unless you have not specified your internal IP geo-location explicitly in Splunk.
Try with external/internet address/host
Example
| makeresults
| eval src_ip="8.8.8.8"
| iplocation src_ip prefix=srcip_
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you @sumanssah !
That helped. Will try and add the IP's and check if that works. Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you're welcome 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to know if iplocation.py file has been deprecated with the newer version since I was looking at this link
https://answers.splunk.com/answers/37249/specifying-field-w-iplocation.html
and thought it would be helpful to look at the code and make some changes as per requirement. However, I am not able to find the file.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Update: I was on version 8.0.1 and upgraded it to 8.0.2, however, still can't find iplocation.py file.
Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...
Monitoring Amazon Elastic Kubernetes Service (EKS)
Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation
