Security business menu
Security business
HOME
To be elected
cause
Service
Handling Manufacturer
Examples/reports/
Blog/Glossary
Seminar/
video on demand
TOP
Products/Services
Specifications/Technical Information
solution
User stories
support
Seminar content
Evaluation machine application/FAQ
Document request
inquiry
Event/Seminar
video on demand

MMDB file update procedure

release date
2018-10-03
last updated
2023-10-02
version
Splunk Enterprise 9.0.1
Overview
The MMDB file (location information) referenced by the iplocation command can be changed.
You can update the MMDB file by changing the limits.conf settings.
Reference information
content

When using the iplocation command in Splunk, the MMDB file provided by MaxMind is referenced and the location information is output.

MMDB file update procedure

  • Go to $SPLUNK_HOME/etc/system/local on your Splunk server and open limits.conf with a text editor. (If not, create a new limits.conf.)

*The default installation path of $SPLUNK_HOME is as follows.

Linux: /opt/splunk/
Windows: C:\Program Files\splunk
  • Add the following settings to limits.conf.
==========
[iplocation]
db_path = <更新するMMDBファイルのフルパス>
==========

(Example) When updating to "GeoLite2-City.mmdb" located in "$SPLUNK_HOME/etc"

==========
[iplocation]
db_path = $SPLUNK_HOME/etc/GeoLite2-City.mmdb
==========
  • Please restart the Splunk service.

Supplementary information

If the search head and indexer are separate instances in a distributed environment, update the MMDB files for both the search head and indexer.

that's all

to previous page