Hello Splunkers,

I configured Splunk to read the paid GeoIP2 Enterprise database by adding the [iplocation] stanza to the limits.conf for Search App and Indexer:

"db_path = /Path/to/database/GeoIP2-Enterprise.mmdb"

I also went in Splunk Web and uploaded the mmdb file in Settings>lookups>GeoIP lookups file. After a quick Splunk restart, Splunk is still using the free geoip database that came preinstalled with Splunk.

Has anyone successfully integrated the MaxMind GeoIP2 Enterprise database with Splunk Enterprise v9?

Additionally, can I use the iplocation command to parse out the new fields from the GeoIP2-Enterprise database such as connection_type, user_type, country_confidence, etc.?

Thank you!