Splunk Search

searching iplocation generated fields

New Member

Hi, Splunk newbie here. I am trying to search for values in fields generated by the iplocation command (i.e., Country, City, Continent) but it doesn't appear to recognize those fields. I can table or stats the results but not search.

Here is sample search:

iplocation Caller_ID allfields=true |Country="United States"

Which returns the message:

Unknown search command 'country'. 

Any suggestions?

Tags (1)
0 Karma
1 Solution

Influencer

Check if this works..
iplocation Caller_ID allfields=true |search Country="United States"

View solution in original post

Influencer

Check if this works..
iplocation Caller_ID allfields=true |search Country="United States"

View solution in original post

New Member

Thanks! Problem solved.

0 Karma