Hi @mdillon_splunk,

There is now a requirement that we and other users first obtain a free license key from MaxMind (https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) and update the link to take this into account, such that the URL becomes "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN-CSV&license_key=INSERT_LICENSE_KEY_HERE&suffix=zip".

The reason I'm raising this after quite some time since the last post on this thread is that I'm wondering whether "SOLNESS-17731" is also planning to take into account that the backend Python code that Splunk uses for this functionality (called "threatlist.py" & "protocols.py") seems to currently be unable to process archives which have multiple files within, as the screenshot below from my experimentation shows.

The problem here is that MaxMind currently doesn't provide these files except as part of a ZIP or TAR.GZ archive with the following multi-file structure:

- Folder: GeoLite2-ASN-CSV_20200728
  - File underneath: GeoLite2-ASN-Blocks-IPv4.csv
  - File underneath: COPYRIGHT.txt
  - File underneath: GeoLite2-ASN-Blocks-IPv6.csv
  - File underneath: LICENSE.txt

Thus, it would be ideal if we could somehow specify a configuration parameter when setting up the input, like "File location: GeoLite2-ASN-CSV_YYYYmmdd/GeoLite2-ASN-Blocks-IPv4.csv", so that we can select which file Splunk will parse out of the archive.

We have a use case which relies on these CIDR IP <> ASN mappings, so it would be great to get an update on whether something like the above has been considered as part of "SOLNESS-17731"; also, could you please let me know if this should rather be raised as a Splunk Idea instead.

Many thanks!
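The post above asks for two things the stock threatlist input does not offer: a licensed download URL and a way to pick one member out of a multi-file MaxMind archive. The following is an added example (not code from the post, from Splunk's threatlist.py, or from MaxMind) of how a small pre-processing script could do both before handing a single CSV to Splunk. It assumes a selector in the form the poster suggests, a path inside the archive with the dated folder name left as a wildcard, and it builds a constructed ZIP with the exact layout listed in the post so it runs offline; the CSV rows in it are made up. The license key is taken from an environment variable rather than pasted into a saved URL, since a key embedded in an input stanza ends up in configuration backups and search-head replication.

```python
import csv
import fnmatch
import io
import ipaddress
import os
import zipfile
from urllib.parse import urlencode

# Hypothetical selector in the style the post asks for: a member path inside
# the archive, with the dated folder left as a wildcard (assumption).
MEMBER_PATTERN = "GeoLite2-ASN-CSV_*/GeoLite2-ASN-Blocks-IPv4.csv"


def download_url(edition_id, license_key):
    """Build the licensed download URL quoted in the post. The key is passed in
    (e.g. from os.environ["MAXMIND_LICENSE_KEY"]) rather than stored in the URL."""
    query = urlencode({"edition_id": edition_id,
                       "license_key": license_key,
                       "suffix": "zip"})
    return "https://download.maxmind.com/app/geoip_download?" + query


def build_sample_archive():
    """Constructed stand-in for the MaxMind ZIP, using the layout from the post.
    The CSV rows are made up; only the column header follows the real file."""
    folder = "GeoLite2-ASN-CSV_20200728"
    header = "network,autonomous_system_number,autonomous_system_organization\n"
    files = {
        f"{folder}/COPYRIGHT.txt": "constructed placeholder\n",
        f"{folder}/LICENSE.txt": "constructed placeholder\n",
        f"{folder}/GeoLite2-ASN-Blocks-IPv4.csv":
            header + "1.0.0.0/24,13335,CLOUDFLARENET\n8.8.8.0/24,15169,GOOGLE\n",
        f"{folder}/GeoLite2-ASN-Blocks-IPv6.csv":
            header + "2001:4860::/32,15169,GOOGLE\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


def select_member(archive_bytes, pattern):
    """Return the single archive member matching `pattern`. Rejects absolute or
    parent-relative member names (zip-slip style) and refuses ambiguous matches,
    so a surprise extra file in a future release fails loudly instead of being
    silently picked."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = zf.namelist()
    safe = [n for n in names
            if not n.startswith("/") and ".." not in n.split("/")]
    matches = [n for n in safe if fnmatch.fnmatchcase(n, pattern)]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one member for {pattern!r}, got {matches}")
    return matches[0]


def load_asn_table(archive_bytes, pattern):
    """Parse the selected CSV into a list of (network, asn, org) tuples."""
    member = select_member(archive_bytes, pattern)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        text = zf.read(member).decode("utf-8")
    table = []
    for row in csv.DictReader(io.StringIO(text)):
        table.append((ipaddress.ip_network(row["network"]),
                      int(row["autonomous_system_number"]),
                      row["autonomous_system_organization"]))
    return table


def lookup_asn(table, ip):
    """Longest-prefix match of `ip` against the table; None if no block covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn, org in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn, org)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    key = os.environ.get("MAXMIND_LICENSE_KEY", "INSERT_LICENSE_KEY_HERE")
    print(download_url("GeoLite2-ASN-CSV", key))
    data = build_sample_archive()
    print("selected:", select_member(data, MEMBER_PATTERN))
    print("8.8.8.8 ->", lookup_asn(load_asn_table(data, MEMBER_PATTERN), "8.8.8.8"))
```

In practice the output of `load_asn_table` would be written back out as a single flat CSV that the existing threatlist input can already consume, which sidesteps the multi-file limitation until the tracked change lands.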