Splunk Dashboard for Iplocation

ip_location.xml

<form theme="dark">
  <label>IP Location</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="text" token="addrs" searchWhenChanged="true">
      <label>IP Addresses separated by commas</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>|  makeresults 
|  eval ips="$addrs$" 
|  eval ip_address=split(ips,",") 
|  mvexpand ip_address
|  rex mode=sed field=ip_address "s/^\\s*//" 
| rex mode=sed field=ip_address "s/\\s*$//"
|  fields - _time 
|  fields ip_address
|  iplocation ip_address</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>