how can I intergrity vector map with maxmind GeoIP database ?
Thank you !
The example in the app description already shows how to integrate it with the geoip command (which uses the maxmind database).
<module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="true">
<param name="search">sourcetype=access_combined clientip=* | geoip clientip</param>
<param name="earliest">-24h@h</param>
<module name="VectorMap">
<param name="mapType">world</param>
<param name="field">clientip_country_code</param>
<param name="backgroundColor">#333333</param>
</module>
</module>
It can be done by copying the module library (eg. mmap.so) from a native installation of python to $SPLUNK_HOME/lib/python*
. Although I added this option, it probably does not provide a huge performance benefit, since Splunk's lookup mechanism already optimizes a lot.
The example in the app description already shows how to integrate it with the geoip command (which uses the maxmind database).
<module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="true">
<param name="search">sourcetype=access_combined clientip=* | geoip clientip</param>
<param name="earliest">-24h@h</param>
<module name="VectorMap">
<param name="mapType">world</param>
<param name="field">clientip_country_code</param>
<param name="backgroundColor">#333333</param>
</module>
</module>
Thank you very much!