Extracts location information from ip addresses.
- Syntax: maxinputs=<int>
- Description: Specifies how many of the top results are passed to the script.
Finds IPs in _raw and looks up the IP location using the
hostip.info service database. IPs are extracted as ip1,ip2 etc. Cities and countries are likewise extracted. This command requires that the Splunk instance you are running it on have access to the internet.
Example 1: Add location information (based on IP address).
... | iplocation
Example 2: Search for client errors in Web access events, add the location information, and return a table of the IP address, City and Country for each client error.
404 host="webserver1" | head 20 | iplocation | table clientip, City, Country
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the iplocation command.
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18