Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Iplocation reporting wrong country for a host - can this be fixed?

vysean
Explorer
‎04-10-2016 09:18 PM

Not sure how or if this can be fixed, but iplocation is reporting Germany as the country for datacenter.fiberdc.com.tr (which one might guess is in Turkey). Other GeoIP databases are reporting as Turkey.

Any idea how to go about fixing this, or even if it can be fixed?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vysean
Explorer
‎04-11-2016 01:13 PM

My apologies - I meant to close out this thread before it got posted, but it was hung up in moderation.

It's not a Splunk issue. Running lookup dnslookup on the IP reported the DNS name "datacenter.fiberdc.com.tr", but doing an nslookup on the DNS name comes back with a different IP (the one you noted above). So Splunk was behaving properly.

The IP in my logs does resolve to "datacenter.fiberdc.com.tr", but also correctly iplocates to Germany, as confirmed by multiple geolocation services.

Sorry to waste your time!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

vysean
Explorer
‎04-11-2016 01:13 PM

My apologies - I meant to close out this thread before it got posted, but it was hung up in moderation.

It's not a Splunk issue. Running lookup dnslookup on the IP reported the DNS name "datacenter.fiberdc.com.tr", but doing an nslookup on the DNS name comes back with a different IP (the one you noted above). So Splunk was behaving properly.

The IP in my logs does resolve to "datacenter.fiberdc.com.tr", but also correctly iplocates to Germany, as confirmed by multiple geolocation services.

Sorry to waste your time!

0 Karma
Reply
Solved! Jump to solution

gmerhej_splunk
Splunk Employee
Splunk Employee
‎04-11-2016 11:21 AM

I'm guessing you're using the iplocation with an "IP" field? Is the value "185.59.46.158"?

I've tried the splunk iplocation command on this IP and it's showing Turkey not Germany.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...