Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

map generated ip (fake ip) to longtitude and latitude to use geoip,geostats, iplocation etc

weicheng98
Path Finder
‎06-02-2018 08:26 AM

Hi,

I would like to know is it possible to map the longtitude and latitude to a generated ip so that I can visualise it on a world map ?

If it is possible, can you give me an example on how to do so.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎06-02-2018 09:19 AM

@weicheng98, you should use stats command to plot statistics by IPs and then use iplocation command to get the latitude and longitude for known ip addresses then use geostats command for stats based on IPs on map. You can also get the Splunk Dashboard Examples App to see the examples for plotting data on map.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎06-02-2018 09:19 AM

@weicheng98, you should use stats command to plot statistics by IPs and then use iplocation command to get the latitude and longitude for known ip addresses then use geostats command for stats based on IPs on map. You can also get the Splunk Dashboard Examples App to see the examples for plotting data on map.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

weicheng98
Path Finder
‎06-02-2018 09:35 AM

Hi @niketnilay, thanks for your answer. But my IPs are not real IPs (i.e. generated) because it is generated by a traffic generator. So when I use the iplocation command, it is not able to retrieve the latitude and longitude or even the country of where the ip originated from.

In the iplocation documentation, may I ask why is the example answer tutorial data able to retrieve details of the IPs e.g. country,city using iplocation ?

0 Karma
Reply
Solved! Jump to solution

xpac
SplunkTrust
SplunkTrust
‎06-02-2018 10:23 AM

The IPs used in the example are "real" IPs, meaning they are valid public IPv4 adresses. If you choose the right addresses for your example data, you can map them to a location - it just depends on the IPs you use and if they're available in the Geo IP database.

0 Karma
Reply
Solved! Jump to solution

weicheng98
Path Finder
‎06-02-2018 10:46 AM

Hi @xpac, thanks for your answer. Then if that's the case, is it possible to update the Geo IP database manually by myself if the ip I have is not found in the database ?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...