
Add IP Address AS, ASN, and Geo-location Information for Logs in Splunk

Many logs stored in Splunk contain IP addresses. On its own, an IP address provides some value, but what if you could enrich your logs to show things like:

  • Autonomous System (AS) - who owns the group of IPs that the IP address falls within

  • The Autonomous System Number (ASN) associated with that system

  • Whether or not the IP address is associated with a known proxy

  • The geolocation information associated with the IP address

With Dataflect you can do all of this and more. The following steps show a quick and easy integration between Splunk and ip2location.io using Dataflect.


Get an IP2Location API Key

First you need to create an account and get an API Key. You can do this by visiting https://www.ip2location.io/ (there is a free option). Once you have obtained an API Key, store it in a secure location; you will need it later.


Add api.ip2location.io to your list of Allowed Domains in Dataflect


Create a credential in Dataflect with your ip2location.io API Key


Using Dataflect's powerful capabilities, enrich your search results


Before Dataflect:


After Dataflect:


At this point you may be thinking: this is cool, but I can already add geolocation information to Splunk search results using the iplocation search command. This is true, but that command relies on a static .mmdb file which is only updated occasionally. By using Dataflect + ip2location.io you are getting the most current information.
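To show what a live enrichment of this kind involves, here is an added example in Python; it is not Dataflect's code and not part of the original post. It extracts IP addresses from log lines, skips anything that is not publicly routable so internal addresses are never sent to the external API, caches lookups, and merges the AS, ASN, proxy and geolocation fields into each event. The `IP2LOCATION_KEY` environment variable name, the function names, and the sample logs and response are assumptions constructed for illustration.

```python
import ipaddress
import json
import os
import re
import urllib.parse
import urllib.request

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FIELDS = ("as", "asn", "is_proxy", "country_code", "city_name")

# Constructed sample data, shaped like an ip2location.io JSON response.
SAMPLE_RESPONSE = {"ip": "8.8.8.8", "country_code": "US", "city_name": "Mountain View",
                   "asn": "15169", "as": "Google LLC", "is_proxy": False}
SAMPLE_LOGS = [
    "2024-05-01T12:00:01Z action=allowed src=8.8.8.8 dest_port=443",
    "2024-05-01T12:00:02Z action=blocked src=10.0.0.5 dest_port=22",
    "2024-05-01T12:00:03Z action=allowed src=8.8.8.8 dest_port=53",
]

def fetch_ip2location(ip):
    """Live lookup; the key is read from IP2LOCATION_KEY (assumed variable name)."""
    query = urllib.parse.urlencode({"key": os.environ["IP2LOCATION_KEY"], "ip": ip})
    with urllib.request.urlopen("https://api.ip2location.io/?" + query, timeout=10) as resp:
        return json.load(resp)

def enrich(lines, lookup=fetch_ip2location):
    """Return one dict per log line with AS/ASN/proxy/geo fields added."""
    cache, events = {}, []
    for line in lines:
        event = {"_raw": line}
        for candidate in IP_RE.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # e.g. 999.1.1.1 matches the regex but is not an IP
            if not addr.is_global:
                continue  # never send internal or reserved addresses to a third party
            if candidate not in cache:
                cache[candidate] = lookup(candidate)  # one API call per distinct IP
            event["src_ip"] = candidate
            event.update({k: cache[candidate].get(k) for k in FIELDS})
            break  # enrich on the first public address in the line
        events.append(event)
    return events

if __name__ == "__main__":
    for e in enrich(SAMPLE_LOGS, lookup=lambda ip: SAMPLE_RESPONSE):
        print(e)
```

Passing no `lookup` argument makes `enrich` call the live API, which counts against the account's query quota, so the per-IP cache matters on high-volume logs.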


It's really that easy! Contact us at sales@dataflect.com to schedule a demo today!
