icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Google GeoCode
SHA256 checksum (google-geocode_171.tgz) a42b95e728f148b9bfab97824c25a59762aa1ecf3848194089b3827e5add1df3 SHA256 checksum (google-geocode_160.tgz) e50c0d11c952b36baef4a1cdfba1ee245774d27cca3c0b182de06a79fe2218e9 SHA256 checksum (google-geocode_16.tgz) 2de213f6703ef6651fa14687ef858b89f834eef1a0da89c08dcfca78f1ce4d70 SHA256 checksum (google-geocode_15.tgz) e9c0719e327fa880cf390d3978e619e69faa3871dcc8c1461dc03ce9e3663920 SHA256 checksum (google-geocode_14.tgz) 93e4655269da184347d653460a4187eecc4ac846668c90cc3e5180cc312ae139 SHA256 checksum (google-geocode_13.tgz) 2fb5a4bb06270b91d0ff0e4fa7cb14aa3849ba5bb2476e95571ef1522aa7aebb SHA256 checksum (google-geocode_12.tgz) ea6c3d782afc2c70e2089376dc587e9cb2a5f9b264e30ab83ce2d4a10e6ca993 SHA256 checksum (google-geocode_11.tgz) 53468b9c8b190396d0b7189dc66d77ccdf27dd67012c15da97e30e299bdff88b SHA256 checksum (google-geocode_10.tgz) 2b8ce88c05fa731c98b816dface1ae41b8c1bd7601c27fba391ac456f32b2316
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Google GeoCode

Splunk AppInspect Passed
This app helps you translate String address into (latitude, longitude) and also reverse (latitude, longitude) to Address using Google GeoCoding API.

|printgeocode type=geocode address=Address
Returns three new fields: geolocation_status, geolocation_lat and geolocation_lon

|printgeocode type=reverse latfield= lonfield=
Returns two new fields: geolocation_status and geolocation_addr

Requires a API_Key from Google.
API_KEY can be requested from: https://developers.google.com/maps/documentation/javascript/get-api-key

Google allows 2500 requests per day with developer's API Key. One request is mapped against one event.

Google GeoCode App


Google GeoCode app is a way to translate your address fields into (latitude,longitude) and also reverse i.e. (latitude,longitude) into Address. Just use the command "printgeocode" in pipeline to your Splunk search command and convert your address to geolocation points or vice versa.

Version: 1.7.0

Infrastructure Requiment

Any Operating system (tested on Windows 7/10 and Linux)
Splunk 6.4, 6.5, 6.6


  • Install the app on your Splunk Search Head(s).
  • Get a google API key from Google API Key
  • Write the API_Key in the setup page.
  • Restart Splunk Search Head.


  your splunk query|printgeocode type=geocode address=Address_field

Geocoding returns three new fields: geolocation_status, geolocation_lat and geolocation_lon


   your splunk query|printgeocode type=reverse latfield=latfieldname lonfield=lonfieldname

Reverse Geocoding returns two new fields: geolocation_status and geolocation_addr

Where type=geocoding tells the app that it is geocoding and type=reverse indicates that it is Reverse Geocoding
Address_field is the name of the text field in your data which contains a valid address. latfieldname and lonfieldname are fields containing values of latitude and longitudes of an geopoint respectively.

The output fields are prefixed with keyword geolocation.

  • Example-1 Geocoding: Address to latitude,longitude
    index=test sourcetype="users_addresses" 
    | head 2
    | table first_name last_name address city country Address 
    | printgeocode type=geocode address=Address


  • Use map with latitude,longitude from the output of the command
    index=test sourcetype="users_addresses" 
    | head 2
    | table first_name last_name address city country Address
    | printgeocode type=geocode address=Address
    | geostats count latfield=geolocation_lat longfield=geolocation_lon 

Geocoding Map

  • Example-2 Reverse Geocoding: latitude,longitude to Address
    index=test sourcetype="user_latlon" 
    | head 5
    | table policyID line county point_latitude point_longitude 
    | printgeocode type=reverse latfield=point_latitude lonfield=point_longitude 

Reverse Geocoding

As simple as looking for a location on Maps :)

Handling of API key

The Google API Key entered on the setup page is stored as password in encrypted format at Rest Endpoint path:


The password is retrieved, decrypted and then the API is invoked. It is stored at $SPLUNK_HOME/etc/apps/GoogleGeoCode/local/passwords.conf

    [credential::Test Server Key:]
    password = $1$DLLZaK+SYHMnEAonrZi7vpuOEpJUXvi3cX3mV1fonSgdiiz3ZR2BHg==


  • The field geolocation_status is an indicator of the status from Google's Geolocation API. If everything is okay (input, quota of API key and Internet connection), the status will be "OK". Below are some of the status returned by Google's API-

    • "OK" indicates that no errors occurred; the address was successfully parsed and at least one geocode was returned.
    • "ZERO_RESULTS" indicates that the geocode was successful but returned no results. This may occur if the geocoder was passed a non-existent address.
    • "OVER_QUERY_LIMIT" indicates that you are over your quota.
    • "REQUEST_DENIED" indicates that your request was denied.
    • "INVALID_REQUEST" generally indicates that the query (address, components or latlng) is missing.
    • "UNKNOWN_ERROR" indicates that the request could not be processed due to a server error. The request may succeed if you try again.
  • If you get an error "OVER_QUERY_LIMIT", you can try below options -

  • Option1: Get a new Key and put that value in myconfig.py. Restart Splunk search head, the results should be good.

  • Option 2: Wait for midnight PST timezone for the limit to rest :)

  • When you run the command, the information is logged into $SPLUNK_HOME/var/log/googlegeocode.log

    2018-05-02 14:10:35,167 INFO In Reverse Geocode function
    2018-05-02 14:10:37,578 INFO Status from Google GeoCoding API is OK
    2018-05-02 14:21:28,525 INFO In Reverse Geocode function
    2018-05-02 14:21:30,733 INFO Status from Google GeoCoding API is OK

More information and code is avaialble here:

Gitgub Link


The app uses the Google's Geocoding API. Here's the link to their documentation

Geocoding is the process of converting addresses (like "1600 Amphitheatre Parkway, Mountain View, CA") into geographic coordinates (like latitude 37.423021 and longitude -122.083739), which you can use to place markers on a map, or position the map.
Reverse geocoding is the process of converting geographic coordinates into a human-readable address.

The Google Maps Geocoding API provides a direct way to access these services via an HTTP request. The following example uses the Geocoding service through the Google Maps JavaScript API to demonstrate the basic functionality.

Contact Information

For any issues or questions, please reach out to: meenal.luktuke@gmail.com
We provide only Level-1 support for this application.

Release Notes

Version 1.7.1
May 3, 2018

- Adding encryption of API Key
- Added logging mechanism
- Removed geopy dependency
- Added error handling

Version 1.6.0
March 28, 2018

Changed API from geopy to Google
Added error handling using field - geolocation_status

Version 1.6
March 26, 2018

Added error handling with a new field - geolocation_status

Version 1.5
Oct. 3, 2017

Added conf for syntax highlighting

Version 1.4
Oct. 2, 2017

Added feature for Reverse Geocoding

Version 1.3
Sept. 4, 2017

Changed file permissions

Version 1.2
Aug. 25, 2017

Added code for setup.xml

Version 1.1
June 13, 2017

Version 1.0
May 29, 2017


Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.