Using logs with IP addresses, how can I develop a search that defines remote...
I need to define Remote login from different locations within 1 hour, but my vpn log doesn't have information concerning the country, it just shows the IP. How can I do that?
View ArticleBest Splunk IP geolocation and Internet route registry lookup utility
I'm looking for the best Splunk IP geolocation and IRR lookup utility (doesn't have to be necessarily free and doesn't have to be one tool). Ideally it should provide the following info: country code,...
View ArticleQuery Help - Traffic stats by IP & Geolocation
I'm reaching out to the Splunk community once again for some query help. I'm trying to find all the traffic going through my proxies, specifically the IPs and their geolocation. Does this seem...
View ArticleMapping the location of a TrueClientIP on a Cluster or Choropleth Map.
Is it possible to Map out the locations of the 'TrueClientIP' Field in a search using either a Cluster or Choropleth Map. I have the below Search that shows me any website activity with an "UNKNOWN"...
View ArticleDisplaying a marker for each event
I'm trying to display markers on a map using Splunk. I'm currently trying out `geostats` but i don't seem to get it working. The latitude is stored as `DevEUI_location.DevLAT` and longitude as...
View ArticleHow to create a circle around a lat/lon on Splunk Map by distance
Situation: I need to create a circle of about 400km around a particular lat/lon on Splunk Maps and whenever an object which is also defined by a lat/lon enters within the area of 400km, I should be...
View ArticleHeat map using a zip code
Hi, I have the below data in a csv file. I'd like to create a heat map with the count(zip_code) number inside the marker. Any thoughts on how I would go about this? Many thanks!!! ZIP_CODE...
View ArticleHow can I implement real-time vehicle tracking for India using Splunk?
Hi All, I am trying to implement a vehicle tracking for Country India using splunk? it should be real time tracking. How can i get the map for india and vehicle tracking. Can anyone help me with this....
View ArticleHow can I use Geolocation of a private IP space?
I want to use the geostats feature but how do I do so on a private WAN and the syslog does not have Lat Long fields/raw data? I have an eval that assigns a city to an address space, is there a way to...
View Articleupdating geolocation DB
Currently, we are running 6.6.2 and are using the geolite2 DB to do the iplocation mapping. I have read the following articles: https://www.splunk.com/blog/2014/07/22/updating-the-iplocation-db.html...
View ArticleHow to create an alert for login activity by same userID, different geoLoc,...
I am working with some WAF logs that provide a correlation from sourceIP to city_name, country_name, latitude, and longitude, but not state information. I am currently only looking at the United...
View ArticleHow to Create "Impossible Travel" Security Monitoring Use Case with pure SPL
I have some reservations about the usefulness of this with so much more usage of IaaS/PaaS/SaaS these days...but since this is non-trivial to produce, I thought I would save everyone the work of...
View ArticleChange Geo Map one country font size
Hi all, I'm using standard `geostats` then `count country`in cluster map for one of my dashboard map display. I wonder if it's possible to change one of country's font size displayed on map? **Just...
View ArticleDistance between two Geocoordinates
I'm trying to find the distance between two geo coordinates and am looking for help with the search syntax.Here's what my data looks like Index=S1 created from Sensor1.csv has Id,Lat1,Long1 and...
View ArticleCreate a geo map based on 3 letter country code
I have a query to returns stats count based on the ISO 3 letter country code. How can I create a map visualization for this data?
View ArticleHow to geo map participants IP addresses
Hey all, I have fields with sitename,conferenceID,"participant Type",ClientAgent, "IP Address", Jointime, Leavetime,VoIpDuration. So, I need a geo map: Attendee locations (IP address) using ip address...
View ArticleHow can I draw a line between two cities in a dashboard?
All, I am hoping to draw a line between two sets of lat/lon in a dashboard. Looks like Google API has this. But I can't be the first person who needs to draw a line between two sets of coordinates in...
View ArticleWhat function or command can I use for Splunk to map the latitude and...
Hi, Currently in my data, I have latitude and longitude info for all locations around the world. Is there a way or a handy function available in Splunk to map the latitude and longitude into the...
View ArticleHow to create a choropleth map using state abbreviations?
Does anyone know if/how you can create a choropleth map in Splunk using state abbreviations? I have been trying the following search but to no avail. index=traffic sourcetype="traffic_logs" | stats...
View ArticleHelp Mapping with the Google Maps app
I uploaded a csv file that has these latitude and longitude locations: VictimSex VictimDescent PremiseCode PremiseDescription Address CrossStreet Long Lat F H 101 STREET CAMPUS RD WESTDALE AV -118.212...
View Article