All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

GeoASN app search generates red error bar. How to resolve?

sonicZ
Contributor
‎06-15-2012 10:23 AM

I've got the GeoASN application installed in our distributed environment(4 indexers so far 1 search head) running the script seems to be generating the generic red error bar saying "results may be incorrect"
Search used:

index=www sourcetype=access_combined splunk_server="splunk*-d*" | lookup ga ip AS clientip | stats count by country, org

error is as follows

Script for lookup table 'ga' returned error code 1. Results may be incorrect

How do we go about troubleshooting this and resolving the error? I am checking python.log web_access and web_service so far nothing pops out as to what the problem is.
basically want to either resolve or in the meantime squelsh the error until we can resolve it.

Tags (2)
Reply

jonrsplunk
Explorer
‎04-04-2018 05:45 AM

I did a GeoASN install in a distributed environment today and had sismilar problems.
Solution: Install all the components (listed in the README) and the app on all searchheads and indexers.

0 Karma
Reply

mathu
Path Finder
‎10-20-2013 03:26 AM

There seems to be a problem with character encoding. i.e. if you lookup countries like "Curaçao", the script will fail because of "ç"

I worked around the problem by changing following line in "ga.py":

replace line: 

line[countryi] = unicode(gir['country_name'])

with following two lines:

t = gir['country_name'].decode('cp1252')
line[countryi] = unicode(t)
Reply

myron_davis
Path Finder
‎10-01-2014 02:52 PM

This has to be deployed to all of the python scripts. i.e. for geoasn.py:

before:
line[src_countryi] = unicode(src_gir['country_name'])

after:
t = src_gir['country_name'].decode('cp1252')
line[src_countryi] = unicode(t)

and

before:
line[dest_countryi] = unicode(dest_gir['country_name'])

after:
t = dest_gir['country_name'].decode('cp1252')
line[dest_countryi] = unicode(t)

Thank you for solving my problem as well.

0 Karma
Reply

theeansible
Path Finder
‎06-29-2017 11:53 AM

Unfortunately I tried this solution and it still doesn't fix my issue. I followed the guide step by step and was still unable to get it to work.

The weird thing is that it works through the command line however it does not work at the search bar 😕 not sure what else to do.

0 Karma
Reply

cnygaard
New Member
‎07-04-2012 04:46 PM

I got the same error message as you, you will need to install GeoIP and GeoIP python module
take a look in /opt/splunk/etc/apps/GeoASN/README

after that verify that this command works
/opt/splunk/bin/splunk cmd python ga.py < ga.csv

you also need to include the field src_asn in the search results.

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...