Let's install a pair of apps and have a little fun. First, install Geo Location Lookup Script (powered by MAXMIND) by clicking on the Install free button. You will be prompted for your splunk.com login. This is the same login that you created when you downloaded Splunk. If you don't have an account, you will need to create one.

Next, install the Google Maps app. This app was built by a Splunk customer and contributed back to the Splunk community. This app will prompt you to restart Splunk.

Once you have restarted and logged back in, check the App menu. Google Maps is now visible, but where is Geo Location Lookup Script? Remember that not all apps have dashboards; nor do they necessarily have any visible components at all.

Using Geo Location Lookup Script
Geo Location Lookup Script provides a lookup script that supplies geolocation information for IP addresses. Looking at the documentation, we see this example:
eventtype=firewall_event | lookup geoip clientip as src_ip
You can find the documentation for any Splunkbase app by searching for it at splunkbase.com, or by clicking on Read more next to any installed app by navigating to Manager | Apps | Browse more apps.
Let's read through the arguments of the lookup command:
• geoip: This is the name of the lookup provided by Geo Location Lookup Script.