How to get IP geographical information on Splunk?

How to get IP geolocation information on Splunk using IPinfo? I want to get city and country information from IP address logs on Splunk

-supportbot

We have a Splunk App: IPinfo App for Splunk available on SplunkBase.

User Manual

Check out the User manual for the IPinfo Splunk app here: user-manuals/splunk-installation-and-configuration.pdf at main · ipinfo/user-manuals · GitHub

The documentation covers:

• The installation process via the CLI
  • On a single standalone enterprise installation
  • Distributed architecture
  • Standalone installation on the web
• Configuration after installation
• Usage

After you have installed the IPinfo Splunk App, you can enrich your log data with IP information via the API or the database download.

API based solution:

1. Select Method ⇒ Fetch Details via Rest API
2. API URL ⇒ https://ipinfo.io
3. API Token ⇒ Your IPinfo API access token
4. Proxy related information ⇒ This section is optional.

Splunk IPinfo API configuration789×860 75.5 KB

For the API level access, IPinfo provides up to 50K IP geolocation requests/month on the free tier. For more requests and more features consider choosing one our premium tier

Database solution:

To use our IP database solution, you should have access to the MMDB database format of the IP Geolocation Database Download. MMDB database format is designed for rapid IP lookups.

1. Select Method ⇒ Use MMDB
2. Proxy related information ⇒ This section is optional.
3. Location MMDB ⇒ Select yes.
4. Location MMDB Interval (Must be in integer) ⇒
   -Input 1 if your IP geolocation database is updated daily.
   -Input 7 if your IP geolocation database is updated Weekly.
   -Input 30 if your IP geolocation database is updated Monthly.

image789×860 76.9 KB

Our API even though incredibly fast is not the fastest solution possible. For using our data on Splunk we recommend choosing our IP data downloads.

IP Geolocation Database Product Page

- supportbot