Solved: Wrong visualization of geoip on Splunk Cloud

gcusello · ‎01-12-2023

Hi at all,
I found an issue in iplocation database on Splunk Cloud: if i use iplocation for many IP address (e.g. 147.161.244.186) I find Sao Paulo (Brazil) but using whois I find Amsterdam (NL) that's the correct answer.

It could be a bug or an update problem, has anyone experienced this issue?

and is there anyone that knows how to update iplocation database on Splunk Cloud: it shouldn't be possible.

How can I intervene?

Thank you for your support.

Ciao.

Giuseppe

gcusello · ‎01-29-2023

Hi at all,

Splunk Support solved my problem, this is the solution for the other people of Community.

After downloading the .mmdb file from https://db-ip.com/db/download/ip-to-city-lite follow the 4th step in Updating the IP geolocation database file

Thanks to them!

Ciao.

Giuseppe

View solution in original post

gcusello · ‎01-29-2023

Hi at all,

Splunk Support solved my problem, this is the solution for the other people of Community.

After downloading the .mmdb file from https://db-ip.com/db/download/ip-to-city-lite follow the 4th step in Updating the IP geolocation database file

Thanks to them!

Ciao.

Giuseppe

Wrong visualization of geoip on Splunk Cloud

chart

dashboard

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...