Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

When will Splunk upgrade iplocation database?

cahuang
New Member
‎01-16-2017 11:51 PM

Hi Splunk,

Which Iplocation database does Splunk use? Is it Maxmind? We find that the iplocation database which we are using is not the latest one. Does splunk team have any plan to upgrade? Or can our team upgrade on our own?

Thanks!

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-17-2017 05:32 AM

Yes, Splunk uses the Maxmind iplocation database. The database is supposed to be updated with every new release of Splunk. Of course, that could mean waiting months for a location correction.

It is possible to update the database yourself. If you do that, however, Splunk will complain about an invalid file. If you can live with that, then check out https://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command.html.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

dgoodwin1
New Member
‎03-16-2017 01:32 PM

My last loc db update came with patching to 6.3.8. I notice I am no longer getting city name back on a lot of IP addresses so I tried the latest Maxmind db free dl. That new file seems to not work at all with 6.3.8. No results from iplocation not even country. I revert to the old version and I am back in business. Anyone know whats going on?
,I just tried pulling down the latest version from Maxmind and after updating iplocation no longer pulls back any data. Switching back to the old version of the db gets me working again. There is a note on the Maxmind dl page that they updated the format of the file. Is it possible my installation can not longer read the mmdb format? My last update came with patching to
6.3.8.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-17-2017 05:32 AM

Yes, Splunk uses the Maxmind iplocation database. The database is supposed to be updated with every new release of Splunk. Of course, that could mean waiting months for a location correction.

It is possible to update the database yourself. If you do that, however, Splunk will complain about an invalid file. If you can live with that, then check out https://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command.html.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

cahuang
New Member
‎01-19-2017 08:47 PM

Thanks. could you let me know when is next release? Generally when is your release date? Is it in regular plan?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎01-20-2017 05:11 AM

I'm not a Splunker so I don't have access to the release schedule, but observation shows new version tend to come out every two months or so.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...