IPinfo Splunk App — What's New

Abdullah · April 16, 2026, 10:37am

We’ve pushed a round of updates to our Splunk integration. Here’s a summary of what changed. For full details, check out our updated documentation.

Splunk Version Support

Added support for Splunk 10.x and Splunk Cloud. The app now supports 9.x and 10.x (previously listed as 9.3.0 with 8.x.y legacy support). The legacy 8.x.y documentation reference has been removed.
Added compatibility with Splunk Enterprise Security environments. Users running ES should update to app version 9.2.0 or later for full compatibility.

New and Updated Databases

Residential Proxy now ships as two separate databases with configurable lookback windows: resproxy_7d.mmdb (7-day) and resproxy_30d.mmdb (30-day), replacing the single resproxy.mmdb.
Privacy Extended is now available as a new database (ipinfo_privacy_extended.mmdb) with updated fields including confidence, coverage, census_ports, inferred, first_seen, and last_seen. The previous Privacy Extended database is preserved as Privacy Extended (Legacy) (privacy_extended.mmdb), so existing users can continue using it without disruption.
Several MMDB file names have been updated to align with our current naming conventions. For example, extended_location.mmdb is now location_extended_v2.mmdb, standard_privacy.mmdb replaces privacy.mmdb, asn.mmdb replaces standard_asn.mmdb, and others. The database table in the documentation now also includes an “Internal Name” column for clarity.
The Location Aggregated MMDB has been removed from the available databases.

New Search Commands and Parameters

Added dedicated search commands as alternatives to the main ipinfo command: ipinfolite, ipinfocore, ipinfoplus, and ipinforesproxy.
New resproxy_lookback parameter (accepts 7 or 30, defaults to 30) lets you choose the lookback window when querying residential proxy data.
The prefix parameter now accepts a list in addition to a boolean. For multi-IP lookups, you can specify custom prefixes per input (e.g., prefix=first_,second_).
Max API support: You can now look up IP addresses against the IPinfo Max API via the restapi parameter in Splunk. This is available for API-based lookups.

New Sections in Documentation

Features overview added at the top of the documentation for a quick summary of app capabilities.
Troubleshooting section added, covering common issues: network/firewall requirements (including storage.googleapis.com allowlisting), permission errors related to list_storage_passwords, MMDB download failures (HTTP 401 fix in v9.1.0), Splunk Enterprise Security compatibility (fix in v9.2.0), Splunk Cloud bundle size limits, proxy connection issues, and a Windows UTF-8 BOM configuration fix.
Saved Searches reference table added, listing all MMDB auto-update scheduled searches with their internal names and default schedules.
Configuration Reference added, documenting all ip_info_setup.conf parameters including general settings, proxy, SSL/TLS (ca_cert_path), MMDB enable/interval patterns, and cluster replication settings.
IPinfo Command Parameters consolidated into a single reference table for easier scanning.

Other Changes

Support contact (support@ipinfo.io) is now referenced directly in the documentation.

Topic		Replies	Views
How to get IP geographical information on Splunk? Support api , database , integration , splunk , sysadmin	6	1207	March 28, 2023
Exploring our IPinfo IP to Residential proxy data General residential-proxy	0	105	February 21, 2025
[Announcement] IPinfo’s Extended Databases are now available on Snowflake ❄ Announcement database , snowflake , extended-database , ip-geolocation-exten , privacy-extended	0	272	May 30, 2023
Look up IP addresses from IPinfo’s IP to Privacy Detection Extended database on Snowflake Integrations & Platforms snowflake , data-warehouse , udtf , extended-database , privacy-extended	0	271	May 30, 2023
Using our IPinfo’s data on Snowflake through direct upload/ingestion Integrations & Platforms snowflake	0	524	November 9, 2023