- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Not getting latitude, longitude, city and country ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not getting latitude, longitude, city and country data after running iplocation command
Hi,
We are not able to get latitude, longitude, City and Country fields after running Iplocation command, as these fields are required to show data on a map we are also not able to see anything in the visualization.
query:
| tstats summariesonly=t count FROM datamodel=Web WHERE Web.site="*" "Web.eventtype"=pageview GROUPBY Web.http_session,Web.clientip | iplocation Web.clientip
The clientip field is present in the data.
Is there a specific field required in data (apart from the ip field) in order to generate latitude, longitude, City and Country fields using iplocation command?
Please let us know.
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I found the below link related to this issue,
https://answers.splunk.com/answers/123430/how-to-update-geoip-database-for-iplocation-command.html
Please have a look and let me know if this can help? And what exactly shall be done?
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, for the link to the article.
But while running the below query I am getting results ( as while searching for the sourcetype in the app I am getting values under the field clientip),
| tstats summariesonly=t count FROM datamodel=Web where Web.site="*" by Web.clientip | iplocation Web.clientip
while running my earlier posted query no result is showing up now, but was showing up earlier. And am able to see 38,537 events but no statistics.
Also I ran the below query and it showed events matching but no stats,
| tstats summariesonly=t count FROM datamodel=Web where Web.site="*" by Web.src
Although WA_session lookup in our instance has no data( which has the fields http_session). So in order to use http_session we need to add data to the file first? Or there is some search that populates this lookup?
Please let us know.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
clientip is not a field in the web data model. src is. Eventtype, http_sessions are not defined in it either. Unless you modified the model then reaccelerated it.
http://docs.splunk.com/Documentation/CIM/4.8.0/User/Web
| tstats summariesonly=t count FROM datamodel=Web where Web.site="*" by Web.src | iplocation Web.src
Splunk Custom Visualizations App End of Life
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
