I built a CSV file for my internal IP addresses with office coordinates. Here are the first two lines of that text file:
clientip,name,lat,lon
10.200.0.0/8,My Office,38.746971,-90.464752
I went into the GUI and went to Management, Lookups, Lookup Table Files, New and added the file as geoip_internal.csv (making sure the app context was set to Google Maps (maps)).
I then went to Lookup Definitions, New and created geoip_internal and created it using a type of "File-based" and a Lookup file of geoip_internal.csv (making sure the app context was set to Google Mapes(maps)).
How do I specify from the GUI that I want to a CIDR lookup on this?
Right now if I do a search in the Google Maps app using the search string "sourcetype="router" | lookup geoip_internal clientip as host" it says there are 984 matches. My sample data file is only 984 rows. Nothing maps and if I click on "Events" it shows nothing.
If I modify that search "sourcetype="router" | lookup geoip_internal clientip as host | geoip clientip" it says there are 6 matches. Which is right there are only 6 different hosts in the sample file. It still doesn't map anything and "Events" still shows nothing.
I believe the CIDR lookup is the issue but I could be wrong.
... View more