map based on public ip addresses does not show the correct location

IrcDirk / enterprise-log-search-and-archive

Automatically exported from code.google.com/p/enterprise-log-search-and-archive

0 stars 1 forks source link

map based on public ip addresses does not show the correct location #124

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1.Create a search and group by public ip
2.Add the search string to a map and wait for the map to build

What is the expected output? 
Dots indicating the correct location of the public ip addresses 

What do you see instead?
some public addresses seems right, but the majority will show up in the 
middeleast

Original issue reported on code.google.com by jacobrav...@gmail.com on 16 Apr 2013 at 8:28

Attachments:

Capture.PNG

GoogleCodeExporter commented 8 years ago

What query are you using?

Original comment by mchol...@gmail.com on 17 Apr 2013 at 2:48

GoogleCodeExporter commented 8 years ago

"assigned to session" -srcip="0.0.0.0" groupby:srcip

Original comment by jacobrav...@gmail.com on 22 Apr 2013 at 5:57

GoogleCodeExporter commented 8 years ago

You need to run the query through either the geoip or whois transforms to 
obtain country information.  Try: "assigned to session" -srcip="0.0.0.0" 
groupby:srcip | geoip | sum(cc)

Original comment by mchol...@gmail.com on 22 Apr 2013 at 1:29