This simple query will show if IIS traffic came to a given site from three geographical possibilities: “United States” “International” or “Unknown” sources. This relies entirely on geoip lookup. You can change the country of “United States” to anything you desire for you own data set (just make the change in the eval section below!). […]
Top 5 Visiting Countries in IIS
The following Splunk query will list the top 5 visiting countries using the built in “iplocation” feature in Splunk: sourcetype=”iis” | iplocation c_ip |top limit=5 Country | eval percent = round(percent,2) . ” %” | rename count as Views | rename percent as Percent
