This is a free IP geolocation database that is updated on its download page on a weekly basis. To use these two files, you must have a license for the GeoIP2 City database. The file you update it with can be a copy of one of the following two files. mmdb file that ships with the Splunk software. Updating the IP geolocation database file This file is located in the $SPLUNK_HOME/share/ directory. The Splunk software ships with a copy of the ip-to-city-lite.mmdb IP geolocation database file. The iplocation command is a distributable streaming command. For example, if you specify prefix=iploc_ the field names that are added to the events become iploc_City, iploc_County, iploc_lat, and so forth. With this argument you can add a prefix to the added field names to avoid name collisions with existing fields. prefix Syntax: prefix= Description: Specify a string to prefix the field name. Specify lang=code to return the fields as two letter ISO abbreviations. This also indicates the priority in descending order. To specify more than one language, separate them with a comma. The set of languages depends on the geoip database that is used. lang Syntax: lang= Description: Render the resulting strings in different languages. Only the City, Country, Region, _time, lat, and lon fields are added to the search results. If set to true, this argument adds the fields City, Continent, Country, MetroCode, Region, Timezone, _time, lat (latitude), and lon (longitude). Optional arguments allfields Syntax: allfields= Description: Specifies whether to add all of the fields from the database to the search results. Iplocation Required arguments ip-address-fieldname Syntax: Description: Specify an IP address field, such as clientip.
The setting of the allfields argument determines which fields are added to the events. Because all the information might not be available for each IP address, an event can have empty field values. For IP addresses which do not have a location, such as internal addresses, no fields are added. Fields from that database that contain location information are added to each event. The IP address that you specify in the ip-address-fieldname argument is looked up in a database. This command supports IPv4 and IPv6 addresses and subnets that use CIDR notation. The iplocation command extracts location information from IP addresses by using 3rd-party databases.