All Apps and Add-ons

Example of how to identify web page users by country?

sloshburch
Splunk Employee
Splunk Employee

Does anyone have examples of how to use Splunk to identify web page users by country?

0 Karma
1 Solution

sloshburch
Splunk Employee
Splunk Employee

The Splunk Product Best Practices team helped produce this response. Read more about use case examples Splunk® Platform Use Cases on Splunk Docs.

This use case enables application developers and administrators to identify the location of users who access your applications in order optimize the demands placed on global network infrastructure.

This use case is from the Splunk Essentials for Infrastructure Troubleshooting and Monitoring app. For more examples, see the Splunk Essentials for Infrastructure Troubleshooting and Monitoring on Splunkbase.

Identify Web Users by Country

Load data

How to implement: Ingest web server access logs into Splunk Enterprise. Install the Splunk Add-On for Apache Web Server from Splunkbase.

Data check: This use case depends on web server access logs.

Get insights

Determine the geolocation of your users based on the client IP address from web server access logs using commands like iplocation and geostats. Visualize your data in pie charts, tables, and world maps.

Use the following search:

index=* sourcetype=access_combined 
| iplocation clientip
| stats dc(clientip) AS unique_clientip BY Country

Best practice: In searches, replace the asterisk in index=* with the name of the index that contains the data. By default, Splunk stores data in the main index. Therefore, index=* becomes index=main. Use the OR operator to specify one or multiple indexes to search. For example, index=main OR index=security. See About managing indexes and How indexing works in Splunk docs for details.

Help

If no results appear, deploy the Add-ons to the search heads to access the knowledge objects necessary for simple searching. See About installing Splunk add-ons on Splunk Docs for assistance.

For more support, post a question to the Splunk Answers community.

View solution in original post

0 Karma

edgarsilva01
Path Finder

Hi
If you are receiving information in real time, either from an application, firewall, etc. and in some of your fields
you are receiving the IP, you can use the iplocation or geostats command

index =* sourcetype = *
| iplocation "src_ip"
| geostats count by country

you can see the location by country, city, region

0 Karma

sloshburch
Splunk Employee
Splunk Employee

The Splunk Product Best Practices team helped produce this response. Read more about use case examples Splunk® Platform Use Cases on Splunk Docs.

This use case enables application developers and administrators to identify the location of users who access your applications in order optimize the demands placed on global network infrastructure.

This use case is from the Splunk Essentials for Infrastructure Troubleshooting and Monitoring app. For more examples, see the Splunk Essentials for Infrastructure Troubleshooting and Monitoring on Splunkbase.

Identify Web Users by Country

Load data

How to implement: Ingest web server access logs into Splunk Enterprise. Install the Splunk Add-On for Apache Web Server from Splunkbase.

Data check: This use case depends on web server access logs.

Get insights

Determine the geolocation of your users based on the client IP address from web server access logs using commands like iplocation and geostats. Visualize your data in pie charts, tables, and world maps.

Use the following search:

index=* sourcetype=access_combined 
| iplocation clientip
| stats dc(clientip) AS unique_clientip BY Country

Best practice: In searches, replace the asterisk in index=* with the name of the index that contains the data. By default, Splunk stores data in the main index. Therefore, index=* becomes index=main. Use the OR operator to specify one or multiple indexes to search. For example, index=main OR index=security. See About managing indexes and How indexing works in Splunk docs for details.

Help

If no results appear, deploy the Add-ons to the search heads to access the knowledge objects necessary for simple searching. See About installing Splunk add-ons on Splunk Docs for assistance.

For more support, post a question to the Splunk Answers community.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Update: I changed the video link to youtube version.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...