top of page

Add IP Address AS, ASN, and Geo-location Information for Logs in Splunk

Many logs stored in Splunk contain IP Addresses. On it's own an IP address provides some value, but what if you could enrich your logs to show things like:

  • Autonomous System (AS) - who owns the group of IPs that the IP address falls within

  • The Autonomous System Number (ASN) associated with that system

  • Whether or not the IP address is associated with a known proxy

  • The geolocation information associated with the IP address

With Dataflect you can do all of this and more. The following steps show a quick and easy integration between Splunk and using Datflect.

Get an IP2Location API Key

First you need to create an account and get an API Key. You can do this by visiting (there is a free option). Once you have obtained an API Key, store it in a secure location, you will need this later.

Add to your list of Allowed Domains in Dataflect

Create a credential in Dataflect with your API Key

Using Dataflect's powerful capabilities, enrich your search results

Before Dataflect:

After Dataflect:

At this point you may be thinking - this is cool, but I can already add geolocation information to Splunk search results using the iplocation search command. This is true, but that command relies on a static .mmdb file which is only updated occasionally. By using Dataflect + you are getting the most current, up to date information.

It's really that easy! Contact us at to schedule a demo today!


Recent Posts

See All


bottom of page