Hi Everyone - The error below indicates that the field containing the IP address does not exist in the events. The custom command is looking for a field supplied via the "field" attribute to the "ipdetection" command. Please make sure you have the correct "field" value specified. For example:

Sample usage when the ip field contains the IP address value:

    ... | ipdetection field=ip

Sample usage when you need to extract the IP address from the raw event:

    ... | rex field=_raw "(?<ip_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | ipdetection field=ip_address

Additional command options can be found in the documentation: https://ta-ipqualityscore.readthedocs.io/en/latest/ipdetection.html

Please feel free to reach out if you experience any issues: support@ipqualityscore.com