- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Why iplocation search returns fields, but no expec...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm attempting to use iplocation with searches, but it is not returning any additional fields. I am trying to search like so: "220.135.91.199" | iplocation src_ip
It returns records, but none of the fields related to iplocation. The splunk host can access the internet, and I have confirmed it can access the hostip.info site.
Any help or hints/tips would be appreciated!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can do this search:
index=firewall | iplocation src_ip and it returns values such as City & Country.
Be sure you are matching up the src_ip argument on iplocation with a valid field on your first search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can do this search:
index=firewall | iplocation src_ip and it returns values such as City & Country.
Be sure you are matching up the src_ip argument on iplocation with a valid field on your first search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Installed latest update to splunk and iplocation started working. Thanks for helping Jeff!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I do see some iplocation search references in SPLUNKD.LOG. Perhaps there are errors there? I do know that iplocation is now built in to Splunk (used to be a Python script) so that would make sense that it is there.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the tip! I searched splunkd.log and wasn't able to location any iplocation references. the only references I found were in the splunkd_access.log and web_access.log files. They are not error messages, but have iplocation in the URL that was called (probably from me attempting to use iplocation in searchs).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I added src_ip, which is a valid field for the search I'm doing, but still no joy on City or Country fields. Is there a log I can check to see if there are errors that are not being presented in the UI?
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
