Many logs stored in Splunk contain IP addresses. On its own, an IP address provides some value, but what if you could enrich your logs to show things like:
Autonomous System (AS) - who owns the group of IPs that the IP address falls within
The Autonomous System Number (ASN) associated with that system
Whether or not the IP address is associated with a known proxy
The geolocation information associated with the IP address
With Dataflect you can do all of this and more. The following steps show a quick and easy integration between Splunk and ip2location.io using Dataflect.
Get an IP2Location API Key
First you need to create an account and get an API Key. You can do this by visiting https://www.ip2location.io/ (there is a free option). Once you have obtained an API Key, store it in a secure location; you will need it later.
Add api.ip2location.io to your list of Allowed Domains in Dataflect
Create a credential in Dataflect with your ip2location.io API Key
Using Dataflect's powerful capabilities, enrich your search results
Before Dataflect:
After Dataflect:
At this point you may be thinking: this is cool, but I can already add geolocation information to Splunk search results using the iplocation search command. This is true, but that command relies on a static .mmdb file which is only updated occasionally. By using Dataflect + ip2location.io you are getting the most current, up-to-date information.
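The enrichment described in the steps above, as an added Python example (not Dataflect's code or its search syntax): each unique public source IP is looked up once, and private or reserved addresses are never sent to the third-party API. The `key`/`ip` query parameters, the response keys in `FIELDS`, the `IP2LOCATION_API_KEY` environment variable, the `src_*` field names, and the sample data are assumptions that do not come from this page.

```python
import ipaddress
import json
import os
import urllib.parse
import urllib.request

API_URL = "https://api.ip2location.io/"  # domain named on the page
FIELDS = {"as": "src_as", "asn": "src_asn", "is_proxy": "src_is_proxy",  # assumed API keys
          "country_code": "src_country", "city_name": "src_city"}


def api_lookup(ip, timeout=5):
    """Query ip2location.io; the key comes from the environment, never from code."""
    query = urllib.parse.urlencode({"key": os.environ["IP2LOCATION_API_KEY"], "ip": ip})
    with urllib.request.urlopen(f"{API_URL}?{query}", timeout=timeout) as resp:
        return json.load(resp)


def enrich(events, lookup=api_lookup, ip_field="src_ip"):
    """Return copies of events with AS, ASN, proxy and geolocation fields added."""
    cache = {}  # one lookup per unique IP keeps API usage down
    enriched = []
    for event in events:
        out = dict(event)
        enriched.append(out)
        try:
            addr = ipaddress.ip_address(str(event.get(ip_field, "")))
        except ValueError:
            continue  # not an IP address: event passes through unchanged
        if not addr.is_global:
            continue  # never send private or reserved addresses to a third party
        key = str(addr)
        if key not in cache:
            cache[key] = lookup(key)
        out.update({f: cache[key][k] for k, f in FIELDS.items() if k in cache[key]})
    return enriched


# Constructed sample data for running offline; not real API output.
SAMPLE_RESPONSES = {"8.8.8.8": {"ip": "8.8.8.8", "country_code": "US", "asn": "15169",
                                "as": "Google LLC", "is_proxy": False}}
SAMPLE_EVENTS = [{"src_ip": "8.8.8.8", "action": "allowed"}, {"src_ip": "8.8.8.8", "action": "blocked"},
                 {"src_ip": "10.0.0.5", "action": "allowed"}, {"src_ip": "-", "action": "allowed"}]
CALLS = []


def stub_lookup(ip):
    CALLS.append(ip)  # records which addresses would have left the network
    return SAMPLE_RESPONSES[ip]
```

Calling `enrich(SAMPLE_EVENTS, lookup=stub_lookup)` runs without network access; omitting `lookup` uses the live API.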
It's really that easy! Contact us at sales@dataflect.com to schedule a demo today!