Refine your search:

geoASN app on certain city/countr

0

Currently started using the geoASN app with the maxmind db's and it's working great on our sourcetypes with ip's, and | geoip lookups etc.

What's the best way to report on only certain countries/cities that I am watching. Say i have a list of 50-100 countries or cities

Maybe pass a inputlookup with those listed countries? Just curious best way to handle this. Current search being used is: sourcetype="access_combined" | lookup ga ip as clientip | stats count by country, org | sort - count

asked 17 May '12, 14:18

sonicZ's gravatar image

sonicZ
1.2k28
accept rate: 33%

Be the first one to answer this question!
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×294

Asked: 17 May '12, 14:18

Seen: 548 times

Last updated: 17 May '12, 14:18

Related questions

geoasn APP fields not populating

Apply a lookup only to events before a certain time

GeoASN not resolving IP v6 addresses

How to trigger alert based on search not found?

GeoASN for windows

Results based on various thresholds

search on macro results

Relevance of Ratings Based on Different Weights by ID

Copyright © 2005-2012 Splunk Inc. All rights reserved.