The SPL2 iplocation commmand extracts location information from IP addresses by using 3rd-party databases. Supports IPv4 and IPv6 addresses and subnets that use CIDR notation.

Syntax

The required syntax is in bold.

Usage

The IP address that you specify in the field parameter is looked up in a database. Fields from that database that contain location information are added to each event. The fields added are:

• City
• Country
• Region
• lat (latitude)
• lon (longitude)

Because all the information might not be available in the database for each IP address, some fields can have empty field values.

For IP addresses which do not have a location, such as internal addresses, no fields are added.

See also