I have a Web Intelligence app which has a google maps component within (this has its own geoip.py and geonormalize.py). The Google Maps app has its own geoip.py and geonormalize.py).
Based on my understanding for either app, those scripts are the drivers of the process of putting data from sourcetypes on the map and display everything on the map.
My issue is that Google Maps doesnt work when Web Intelligence Does !!!
When Web Intelligence is enabled and Google Maps is disabled, the map within the Web Intelligence app works just fine. I can actually see how the clientips, cities, ports etc are plotted on the map.
When I run the following searches (see below), while I do get actual events under "interesting fields", but the results, clientips, user, host, pid etc - I do not see any results ON THE ACTUAL GOOGLE MAP (The Error Message says preparing a preview and then 0 results with location information)
* | lookup geoip clientip | geonormalize sourcetype=* | lookup geoip clientip | geonormalize * | rex "(?<ip>\d+\.\d+\.\d+\.\d+)" | eval clientip=ip | lookup geoip clientip | geonormalize
Why is maps working for Web Intelligence but not for Google Maps ??
Is there an unspoken rule in Splunk where that google Maps MUST be disabled for Web Intelligence to function ?
Reason I ask is because while one business unit that is our customer uses the Web Intelligence App there is another that wants to use advanced xml to create a CUSTOM dashboard which which will use Google Maps