Dashboards & Visualizations

Best Splunk IP geolocation and Internet route registry lookup utility

jankowsr
Path Finder

I'm looking for the best Splunk IP geolocation and IRR lookup utility (doesn't have to be necessarily free and doesn't have to be one tool).
Ideally it should provide the following info: country code, country name, city, latitude, longitude, ASN number, ASN org name, BGP network prefix, prefix name from the route registry

What I have found so far:

I guess most of that job should do simple script using free MaxMind database. I'm somehow surprised I can't find anything like that but I could have overlooked something obvious.
Any other suggestions with regards to up to date tools?

1 Solution

jankowsr
Path Finder

I haven't found anything that exactly suits my needs but I've found acceptable for me compromise. Instead of using geoip from Google Maps and Geo ASN, which are slow and obsolete I use the following combination:

As a result query is few times faster in comparision to geo ASN and goip python lookups and the data is much more up to date.

View solution in original post

jankowsr
Path Finder

I haven't found anything that exactly suits my needs but I've found acceptable for me compromise. Instead of using geoip from Google Maps and Geo ASN, which are slow and obsolete I use the following combination:

As a result query is few times faster in comparision to geo ASN and goip python lookups and the data is much more up to date.

aaraneta_splunk
Splunk Employee
Splunk Employee

Hi @jankowsr - Glad you were able to find a workaround for your question. If you would like to close out your post, don't forget to click "Accept". But if you'd like to keep it open for possibilities of other answers, you don't have to take action on it yet. Thanks!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...