×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
BeefSupreme
New Member
Member since: ‎02-09-2022
‎02-09-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-09-2022
Activity Feed
View All

How to enrich GeoIP at index time?

by in Getting Data In
‎02-09-2022 01:02 PM
‎02-09-2022 01:02 PM
I am sure this is a pretty common use case, mainly because IP addresses move, the data is not static so for security retro hunts etc or even just searching a few days of data, the Geo data needs to be static in the data and can't be a search lookup.  Technically i can't even think of a use case where you would ever want Geo data to be a search lookup but I am sure there are some use cases out there.  Elasticsearch has a couple options to do this, IE ingest nodes or logstash so I am sure a millions people are doing this in Splunk. If someone could point me at the documentation I would appreciate it. Closest thing I could find is ingest time eval but not sure how that does geoip enrichment ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-09-2022 06:05 PM