Created
September 8, 2019 02:06
-
-
Save duckfez/bea451c41be8c2db9fb20647eef4592f to your computer and use it in GitHub Desktop.
Splunk Dashboard for Iplocation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<form theme="dark"> | |
<label>IP Location</label> | |
<fieldset submitButton="false" autoRun="true"> | |
<input type="text" token="addrs" searchWhenChanged="true"> | |
<label>IP Addresses separated by commas</label> | |
</input> | |
</fieldset> | |
<row> | |
<panel> | |
<table> | |
<search> | |
<query>| makeresults | |
| eval ips="$addrs$" | |
| eval ip_address=split(ips,",") | |
| mvexpand ip_address | |
| rex mode=sed field=ip_address "s/^\\s*//" | |
| rex mode=sed field=ip_address "s/\\s*$//" | |
| fields - _time | |
| fields ip_address | |
| iplocation ip_address</query> | |
<earliest>-24h@h</earliest> | |
<latest>now</latest> | |
<sampleRatio>1</sampleRatio> | |
</search> | |
<option name="count">20</option> | |
<option name="dataOverlayMode">none</option> | |
<option name="drilldown">none</option> | |
<option name="percentagesRow">false</option> | |
<option name="refresh.display">progressbar</option> | |
<option name="rowNumbers">false</option> | |
<option name="totalsRow">false</option> | |
<option name="wrap">true</option> | |
</table> | |
</panel> | |
</row> | |
</form> |
Author
duckfez
commented
Sep 8, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment