So, you have Splunk running some Geo-location / iplocation queries, but the location results are sometimes wrong! Simple, your on-board Geo-Location DB (MaxMind) is out of date. It is only usually updated when Splunk is upgraded, but no more! Keep an eye on and set alerts for when the latest DB is released with this handy app. It checks every 12 hours for a new DB release on the MaxMind Website. If there is a new version released you can see the difference in MD5 value on the dashboard as well as an alert in 'Triggered Alarms'. (Set an email alert too!) Once you have the alert, download the new DB, overwrite the one in $splunk_home$/share, restart Splunk and Boom! You are bang up to date again!