I am presently running Splunk Free on my home network, collecting syslog data from my Sophos UTM. I'd like the ability to translate srcip and dstip fields in the firewall data into country names so that I can do searches and pivots however I'm looking for a step by step guide to getting this setup. Splunk is running on Ubuntu Server in a ESX VM. Have anyone put something like this together?
↧