iplocation
iplocation
Synopsis
Extracts location information from ip addresses.
Syntax
iplocation [maxinputs=<int>]
Optional arguments
- maxinputs
- Syntax: maxinputs=<int>
- Description: Specifies how many of the top results are passed to the script.
Description
Finds IPs in _raw and looks up the ip location using the hostip.info database ips are extracted as ip1,ip2 etc. and Cities and Countries are likewise extracted.
Examples
Example 1: Add location information (based on IP address).
... | iplocationExample 2: Search for client errors in Web access events, add the location information, and return a table of the IP address, City and Country for each client error.
404 host="webserver1" | head 20 | iplocation | table clientip, City, CountryAnswers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the iplocation command.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.