iplocation search command that will add City and Country fields to your search results. It does this by looking up the IP addresses it finds using the hostip.info API. Unfortunately, if your Splunk server doesn't have direct Internet access, this script will fail.

The script itself is a very simple Python script that uses urllib.urlopen to make the API call. Getting it to use your proxy server is easy.

Make a backup of the original script:
$ cd $SPLUNK_HOME/etc/searchscripts
$ cp iplocation.py iplocation.py.bak

Edit iplocation.py and add the following line below the LOCATION_URL definition:

PROXIES = {'http':'http://proxy.example.com:8080'}

Then find the line that reads:

location = urllib.urlopen( LOCATION_URL + ip )

and change it to:

location = urllib.urlopen( LOCATION_URL + ip, proxies=PROXIES )

Then perform your search and pipe it to iplocation. Make sure to limit your search, as the script will make an HTTP request for every IP address it finds.
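
The following is an added example, not part of the original post or of Splunk's iplocation.py. It shows the same proxy routing in Python 3 (urllib.request.ProxyHandler instead of the Python 2 proxies= argument) and keeps the request count down by looking up each unique public IP only once. The LOCATION_URL value is a placeholder and the function names are hypothetical; the proxy address is the one used above.

```python
import ipaddress
import urllib.request
from urllib.parse import quote

# Placeholder: copy the real LOCATION_URL from your own iplocation.py.
LOCATION_URL = "http://geo.example.invalid/lookup?ip="
PROXIES = {"http": "http://proxy.example.com:8080"}


def build_fetcher(proxies=PROXIES, timeout=5):
    """Return fetch(url) -> str that sends every request through the proxy."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(proxies))

    def fetch(url):
        with opener.open(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    return fetch


def is_public(ip):
    """True only for syntactically valid, globally routable addresses."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def lookup_all(ips, fetch):
    """Look up each unique public IP once; return {ip: response text or None}."""
    results = {}
    for ip in ips:
        if ip in results:
            continue  # already resolved, no second HTTP request
        if not is_public(ip):
            results[ip] = None  # private or invalid: never sent to the API
            continue
        try:
            results[ip] = fetch(LOCATION_URL + quote(ip))
        except OSError:  # URLError and socket timeouts are OSError subclasses
            results[ip] = None
    return results


if __name__ == "__main__":
    # Constructed sample input; a reachable proxy is needed to get real data.
    sample = ["8.8.8.8", "10.1.2.3", "8.8.8.8", "not-an-ip"]
    print(lookup_all(sample, build_fetcher()))
```
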
 
