I am evaluating the commercial version of MAXMIND city DB(mmdb) and would like to replace it with the free version that ships out with Splunk. Commercial version of City mdb seems to have more fields than its free version so I would like to know whether the upgrade will break the iplocation in any way or will the iplocation command even display the fields exclusive to commercial version?
For reference:
1) iplocation
http://docs.splunk.com/Documentation/Splunk/6.4.1/SearchReference/iplocation
City, Continent, Country, Region, MetroCode, Timezone, lat (latitude), and lon (longitude).
2) maxmind
https://www.maxmind.com/en/geoip2-city
Includes the following fields:
Continent
Country
Country of Registration (GeoIP2 Only)
Country Represented and Type of Representation (For military bases) (GeoIP2 Only)
Subdivisions (GeoIP2 MMDB Format Only; GeoIP Legacy contains one region)
City Name
Postal Code
Latitude
Longitude (Latitude and Longitude are often near the center of population. These values are not precise and should not be used to identify a particular address or household.)
Accuracy Radius
Metro Code (US only)
Time zone
GeoNames IDs (for localization and pairing outside data; GeoIP2 only)
Any ideas ?
... View more