Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

map generated ip (fake ip) to longtitude and latitude to use geoip,geostats, iplocation etc

weicheng98
Path Finder
‎06-02-2018 08:26 AM

Hi,

I would like to know is it possible to map the longtitude and latitude to a generated ip so that I can visualise it on a world map ?

If it is possible, can you give me an example on how to do so.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎06-02-2018 09:19 AM

@weicheng98, you should use stats command to plot statistics by IPs and then use iplocation command to get the latitude and longitude for known ip addresses then use geostats command for stats based on IPs on map. You can also get the Splunk Dashboard Examples App to see the examples for plotting data on map.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎06-02-2018 09:19 AM

@weicheng98, you should use stats command to plot statistics by IPs and then use iplocation command to get the latitude and longitude for known ip addresses then use geostats command for stats based on IPs on map. You can also get the Splunk Dashboard Examples App to see the examples for plotting data on map.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

weicheng98
Path Finder
‎06-02-2018 09:35 AM

Hi @niketnilay, thanks for your answer. But my IPs are not real IPs (i.e. generated) because it is generated by a traffic generator. So when I use the iplocation command, it is not able to retrieve the latitude and longitude or even the country of where the ip originated from.

In the iplocation documentation, may I ask why is the example answer tutorial data able to retrieve details of the IPs e.g. country,city using iplocation ?

0 Karma
Reply
Solved! Jump to solution

xpac
SplunkTrust
SplunkTrust
‎06-02-2018 10:23 AM

The IPs used in the example are "real" IPs, meaning they are valid public IPv4 adresses. If you choose the right addresses for your example data, you can map them to a location - it just depends on the IPs you use and if they're available in the Geo IP database.

0 Karma
Reply
Solved! Jump to solution

weicheng98
Path Finder
‎06-02-2018 10:46 AM

Hi @xpac, thanks for your answer. Then if that's the case, is it possible to update the Geo IP database manually by myself if the ip I have is not found in the database ?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...