This supporting add-on (SA) for Splunk provides advanced IP information enrichment using the MaxMind family of databases.
https://www.maxmind.com/en/geoip2-databases
Supported databases:
- City2Lite
- City2 (optional)
- ISP (optional)
- ConnectionType (optional)
| `seckit_iplocation(fieldname)`
| `seckit_iplocation(fieldname,prefix)`
Where fieldname is the name of the field containing the IP address, and prefix is the prefix to assign to the output fields.
| NOOP | stats count | EVAL src="8.8.4.4" | `seckit_iplocation(src)`
tag=network tag=communicate | `seckit_iplocation(src,"geo")`
https://github.com/splunk/seckit_sa_geolocation
- Update the geoipupdate utility
- Update geoip2 library
- Add new fields from the anonymous IP DB
- BREAKING CHANGE: Drop support for Splunk Enterprise <8.0 due to python3 requirements of Geoip2
Minor update to add JS files that were missing due to a misconfigured gitignore
- Update maxmind geoip update utility
- Require account and token now that MaxMind has suspended anonymous downloads of mmdb
- Python2/3 support
- Update geolocation utility to version 4.0.3
- Ensure +x is set on geolocation utility