I am trying to use the iplocation command to search for IP address info within my network. My search is as below:
| iplocation srcip prefix=srcip_
| table src_ip, City, Country
I am getting the IP list with other columns blank. I did some research and found iplocation.py is not present in the above directory. I do have GeoLite2-City.mmdb and iso3166 files in "$SPLUNK_HOME/share/" directory. I am wondering if the missing .py file is the reason for my issue. If so, how can I resolve it?
Any help would be much appreciated. Thank you!
Update: I was on version 8.0.1 and upgraded it to 8.0.2; however, I still can't find the iplocation.py file.
Just to apprise
The iplocation command will not work with the internal/intranet environment (unless you have not specified your internal IP geo-location explicitly in Splunk).
Try with an external/internet address/host:
| makeresults | eval src_ip="22.214.171.124" | iplocation src_ip prefix=srcip_
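The behaviour described in the answer above, as an added example that is not part of the original thread: iplocation fills in the public address but has no GeoIP data for RFC 1918 addresses, so internal ranges are labelled explicitly with cidrmatch. The sample addresses, the 10.1.0.0/16 and 192.168.5.0/24 site ranges and the site names are constructed assumptions.

```spl
| makeresults
| eval src_ip=split("10.1.2.3,192.168.5.9,172.20.0.7,8.8.8.8", ",")
| mvexpand src_ip
| iplocation prefix=srcip_ src_ip
| eval scope=if(cidrmatch("10.0.0.0/8", src_ip) OR cidrmatch("172.16.0.0/12", src_ip) OR cidrmatch("192.168.0.0/16", src_ip), "internal", "external")
| eval srcip_City=case(scope="external", srcip_City,
    cidrmatch("10.1.0.0/16", src_ip), "HQ-Office (constructed)",
    cidrmatch("192.168.5.0/24", src_ip), "Branch-Lab (constructed)",
    true(), "unmapped-internal")
| eval srcip_Country=if(scope="internal", "Internal", srcip_Country)
| table src_ip, scope, srcip_City, srcip_Country
```

With prefix=srcip_, the fields iplocation adds are named srcip_City and srcip_Country, so those are the names to reference in table.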
Thank you @sumanssah !
That helped. Will try and add the IPs and check if that works. Thank you!
I would like to know if the iplocation.py file has been deprecated with the newer version since I was looking at this link
and thought it would be helpful to look at the code and make some changes as per requirement. However, I am not able to find the file.