Splunk Tutorials | iplocation visualization #FADS

Playlist Link for All Daily Trainings
We are going to start rolling out a Free Analytic Daily Share (F.A.D.S). We will be adding a video to the playlist each day with an analytic that will help you navigate Splunk better, use data models, or search for something from popular Splunk logs. Please feel free to comment below with analytics that you may be interested in seeing.
This video's analytic is below and shows how to visualize the output of the iplocation command that was used in the previous video:
index=corelight sourcetype=corelight_conn
| iplocation prefix=dest_loc_ allfields=true dest_ip ```prefix adds a prefix to each field generated by the iplocation command```
| stats count by dest_loc_Country
| geom geo_countries allFeatures=True featureIdField=dest_loc_Country ```geom maps the coordinates of the countries so they can be applied to the visualization```
To view all videos in the playlist on Splunk Tutorials for Creating Searches use the link: