geo location based on IP

Follow
Avatar
Kota Shravana

Greetings

My log is like this having different IPs. for example:

========================

10.50.77.127
 2020-05-25 01:45:10,517
 o@LK4UF0x105x26498539x0
 165
1256625
 435
 RNDWMCOMPS
10.80.202.14
 2020-05-25 01:24:17,197 
o@LK4UF0x84x26497198x1 
5512 
591019
 1535 
scpp
10.70.202.14 2020-05-25 01:24:17,197 o@LK4UF0x84x26497198x1 5512 591019 1535 scpp
=========================
 
Requirement: 
 
10.50 and 10.70 are US based IPs
10.80 is a INDIA based IP
 
I want to count and sum up the US based IPs and put the same in Geo location.
Example:
10.50 - count is 10 
10.70 - count is 34
10.80 - count is 55 
 
So, total of 44 (10+34) should be put on Geo location map for ATLANTA, US and 55 should be for Bangalore, India. 
 
Can you help me with the query? 
 
Thanks !
0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Don Gothing

    Hi Kota,

    Here's an article about this exact kind of application. This is the query that should separate out the ip addresses and enable mapping once you enter your search criteria.


    | parse regex "(?<ip_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" multi
    | lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ip_address
    | count by latitude, longitude, country_code, country_name, region, city, postal_code
    | sort _count


    After running the query click the map icon on the Aggregates pane.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post