Solved: Internal DB used by Splunk 6.0+ for geo details

strive · ‎01-24-2014

Hi,

Could you please let me know, which internal DB is used by splunk 6.0+ for geographical details.

With out connecting to internet I am able to retrieve the City, Country, lat and lon details by using iplocation command.

Also, could you please let me know the procedure involved to update these internal DBs periodically.

Thanks

Strive

Jason · ‎06-03-2014

Sounds like it is maxmind (perhaps maxmind lite) and updated with maintenance releases of Splunk.

http://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command

View solution in original post

Jason · ‎06-03-2014

Sounds like it is maxmind (perhaps maxmind lite) and updated with maintenance releases of Splunk.

http://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command

strive · ‎06-22-2014

Yes splunk is using maxmind geo lite databases. These databases are updated for every minor release. Since maxmind databases get updated once every week (approximately) we have written python script which pulls the latest db files and replaces the older ones in our system.

Internal DB used by Splunk 6.0+ for geo details

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms