Hi, Splunk newbie here. I am trying to search for values in fields generated by the iplocation command (i.e., Country, City, Continent) but it doesn't appear to recognize those fields. I can table or stats the results but not search.
Here is sample search:
iplocation Caller_ID allfields=true |Country="United States"
Which returns the message:
Unknown search command 'country'.
Any suggestions?
Check if this works..
iplocation Caller_ID allfields=true |search Country="United States"
Check if this works..
iplocation Caller_ID allfields=true |search Country="United States"
Thanks! Problem solved.