Hi, I have python script that make query to ip2location. The script work something like that (from IP2Location import IP2Location; IP2LocObj = IP2Location.IP2Location(); IP2LocObj.open("data/IP-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ZIPCODE-TIMEZONE-ISP-DOMAIN-NETSPEED-AREACODE-WEATHER-MOBILE-ELEVATION-USAGETYPE-SAMPLE.BIN"); rec = IP2LocObj.get_all("19.5.10.1"); #Write csv result to splunk... If i'm run the external lookup by: index = myindex | lookup ip2location ip as ip_field Its can run around 50-60 secs (to 500k records), My question is: What can I do except to change my python code to improve the execution time? * I heard something about load the script into Splunk application memory (MEMORY_CACHE ?) Thanks ... View more

Hi, I want to build my own python code that gets parameter IP address, My script using IP2Location and return information about the IP address with IP2Location DB IP2Location https://www.ip2location.com/developers So what I did is build my python script that receives IP address and returns CSV row with the result of IP2Location. My script is located in: /opt/splunk/etc/apps/search/bin And in transforms.conf I configured According this tutorial: https://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Knowledge/Configureexternallookups [ip2location] external_cmd = ip2location.py clientip fields_list = What shold I write here? I'm trying to understand: 1. How do I need to configure the section on [ip2location] in transform.conf? 2. What is the meaning of fields_list? 3. How can I make my script to work in Splunk? I just want Splunk to give my script IP address and return csv as result. Thanks ... View more