Hi,
I've been trying to use the geoip command in the Google Maps add-on for Splunk Enterprise to geolocate IP addresses, and I'm seeing events appear, but nothing is being plotted on the map and there are no geo results or matching events found.
I've been searching around on the internet for a couple of days, but have had no luck in finding an answer.
Here is my search:
sourcetype="******" "******"
| lookup dnslookup clienthost as ip OUTPUT clientip as temp
| eval ip=if(match(ip,"\d+\.\d+\.\d+\.\d+"),ip,temp)
| stats count by ip
| where count > 5
| sort - count
| geoip ip
Thanks for your help!
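As an added diagnostic, not part of the original post, the Python script below mirrors the `eval` fallback from the search above (keep `ip` when it matches the IPv4 regex, otherwise use the resolved `temp`) and classifies each resulting value, so you can see how many rows end up null, non-IP, or non-routable before they ever reach `geoip`. The sample rows and their resolution results are constructed; the well-known public resolver addresses are only used as routable examples.

```python
import ipaddress
import re

# Constructed sample rows: (value of the ip field in the event, address the
# dnslookup returned as temp, or None when resolution failed).
SAMPLE_EVENTS = [
    ("8.8.8.8", None),                          # already an IPv4 literal
    ("web01.example.net", "1.1.1.1"),           # hostname that resolved
    ("web02.example.net", None),                # hostname that did not resolve
    ("10.0.0.5", None),                         # RFC 1918, no geo record
    ("2001:db8::1", None),                      # IPv6 literal, fails the \d+ regex
]

# Same pattern the SPL eval uses; it only recognises dotted-quad IPv4.
IPV4_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")


def apply_fallback(ip, temp):
    """Mirror the SPL eval: keep ip when it looks like IPv4, else use temp."""
    return ip if IPV4_RE.search(ip) else temp


def classify(value):
    """Say whether a geoip lookup could plausibly plot this value."""
    if value is None:
        return "unresolved"      # eval produced null; nothing for geoip to look up
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "not_an_ip"       # e.g. a hostname left in the field
    if not addr.is_global:
        return "non_routable"    # private, loopback, documentation ranges, etc.
    return "routable"


def triage(events):
    """Return a count per class, i.e. how many rows geoip could actually plot."""
    counts = {}
    for ip, temp in events:
        cls = classify(apply_fallback(ip, temp))
        counts[cls] = counts.get(cls, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, temp in SAMPLE_EVENTS:
        print(f"{ip!r:>22} -> {apply_fallback(ip, temp)!r:>14} : {classify(apply_fallback(ip, temp))}")
    print(triage(SAMPLE_EVENTS))
```

Only rows in the `routable` class can produce a geo result; the others explain why a search can return events yet plot nothing.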