Simple GeoIP Information for Web Traffic

This simple query shows whether IIS traffic reached a given site from one of three geographical categories: “United States”, “International”, or “Unknown”. The classification relies entirely on the GeoIP lookup. You can change the country from “United States” to anything you like for your own data set (just make the change in the eval section below!).
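One way to write the three-way classification described above, as an added example rather than the original author's query. It assumes the IIS events use `sourcetype="iis"` with the client address in `c_ip`, and that the site name is logged in `s_sitename`; `origin`, `requests` and `unique_clients` are names chosen here for illustration.

```spl
sourcetype="iis"
| iplocation c_ip
| eval origin=case(
    isnull(Country) OR Country=="", "Unknown",
    Country=="United States", "United States",
    true(), "International")
| stats count AS requests, dc(c_ip) AS unique_clients BY s_sitename, origin
| sort s_sitename, -requests
```

The “Unknown” branch is tested first because `iplocation` returns no `Country` for addresses it cannot resolve, such as private (RFC 1918) ranges, and those would otherwise fall through to “International”.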

 


Comments

  1. SplunkNinja

    Make sure there are no unique fields extracted. Ensure some of the search works and then add to it. Start with this: “sourcetype="iis" | iplocation c_ip” and continue to add sections until it doesn’t work anymore :) I’ll be back in the office on Monday and can take a look at my data to help!
