Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

map generated ip (fake ip) to longtitude and latitude to use geoip,geostats, iplocation etc

weicheng98
Path Finder
‎06-02-2018 08:26 AM

Hi,

I would like to know is it possible to map the longtitude and latitude to a generated ip so that I can visualise it on a world map ?

If it is possible, can you give me an example on how to do so.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎06-02-2018 09:19 AM

@weicheng98, you should use stats command to plot statistics by IPs and then use iplocation command to get the latitude and longitude for known ip addresses then use geostats command for stats based on IPs on map. You can also get the Splunk Dashboard Examples App to see the examples for plotting data on map.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎06-02-2018 09:19 AM

@weicheng98, you should use stats command to plot statistics by IPs and then use iplocation command to get the latitude and longitude for known ip addresses then use geostats command for stats based on IPs on map. You can also get the Splunk Dashboard Examples App to see the examples for plotting data on map.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

weicheng98
Path Finder
‎06-02-2018 09:35 AM

Hi @niketnilay, thanks for your answer. But my IPs are not real IPs (i.e. generated) because it is generated by a traffic generator. So when I use the iplocation command, it is not able to retrieve the latitude and longitude or even the country of where the ip originated from.

In the iplocation documentation, may I ask why is the example answer tutorial data able to retrieve details of the IPs e.g. country,city using iplocation ?

0 Karma
Reply
Solved! Jump to solution

xpac
SplunkTrust
SplunkTrust
‎06-02-2018 10:23 AM

The IPs used in the example are "real" IPs, meaning they are valid public IPv4 adresses. If you choose the right addresses for your example data, you can map them to a location - it just depends on the IPs you use and if they're available in the Geo IP database.

0 Karma
Reply
Solved! Jump to solution

weicheng98
Path Finder
‎06-02-2018 10:46 AM

Hi @xpac, thanks for your answer. Then if that's the case, is it possible to update the Geo IP database manually by myself if the ip I have is not found in the database ?

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...