Scenario: Your boss want to know failure logon Locations (failure). Tool you have: Splunk software Data is already loaded into Hadoop HDFS: index="u7_hdp_74_win" Giving functions and Operators: index, rex, stats, iplocation, geostats, |, count by. Using regex to extract the IP address as field name src_ip. Search keyword: failure Data field name: src_ip Using regex to extract the IP address as field name src_ip, review the values in the field of src_ip.

Showing statistic of source IP address and Visualizing in the map. Please reply with Splunk search query.