Splunk Search

what is the best addon / app to use with [iplocation] for a geographical visual dashboard?

packet_hunter
Contributor

I am looking to build a map of IP locations for remote vpn logins. Does anyone have any suggestions?

Tags (1)
1 Solution

lakromani
Builder

Not sure what you are looking for, but if you in the dashboard add this:

<option name="mapping.tileLayer.url">http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png</option>

You get a much more detailed map.

You search could be some like this:

your search | iplocation src_ip | eval City = if(isnull(City) OR City="" ,"Unknown",City), home=vpn_user."-".src_ip | geostats globallimit=0 count by home

View solution in original post

lakromani
Builder

Not sure what you are looking for, but if you in the dashboard add this:

<option name="mapping.tileLayer.url">http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png</option>

You get a much more detailed map.

You search could be some like this:

your search | iplocation src_ip | eval City = if(isnull(City) OR City="" ,"Unknown",City), home=vpn_user."-".src_ip | geostats globallimit=0 count by home

packet_hunter
Contributor

thank you i will try this

0 Karma

packet_hunter
Contributor

Hi Lakromani

Could you please give me a quick walk thru on where exactly I add the ?
I pasted it as the first line in the XML under edit > edit source, after .
Is that correct?
Thank you!

0 Karma

lakromani
Builder

Make your search work giving you the map.
Then save it as an Dashboard.
Open Dashboard
Edit Source
Paste the <option name="mapp.... to the option section.
Save.

0 Karma

packet_hunter
Contributor

Thx, I got it to work!

Is there a way to increase the zoom to a street level with this map?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...