I've installed the Google Maps app on my search head but when I try to run a search:
sourcetype="stuff" remote_ip=* | geoip remote_ip
I get the following error:
Error in 'script': Getinfo probe failed for external search command 'geoip'
Traceback (most recent call last):
File "/opt/splunk/etc/apps/maps/appserver/modules/GoogleMaps/GoogleMaps.py", line 53, in generateResults
for result in getattr(job, entity_name)[offset:end]:
File "/opt/splunk/lib/python2.6/site-packages/splunk/search/__init__.py", line 1219, in __getitem__
self.job.pushValidation()
File "/opt/splunk/lib/python2.6/site-packages/splunk/search/__init__.py", line 590, in pushValidation
raise splunk.SearchException, fatality
SearchException: Error in 'script': Getinfo probe failed for external search command 'geoip'
I installed the MAXMIND app as well but the result is the same.
I've restarted splunk but that has not resolved the issue either.
Thanks,
There was a bug in the app for distributed searches, fixed in 1.1.3.
See http://apps.splunk.com/app/368/
Or install the app on all the search-peers.
Try:
sourcetype="stuff" remote_ip=* | stats count by remote_ip | geoip remote_ip
Hi,
Have you checked if the app is enabled at the indexer and is listed in the etc/apps directory after it replicates the bundle over from the search head?
You can check the status of installed apps with ./splunk display app. If it is disabled you can enable it by ./splunk enable app
If you are running deployment server you could also just roll it out that way.
@Kate
I've just installed the Google Maps app on my search and seen the bundles distributed to my indexers. Unfortunately I get: "Streamed search execute failed because: Error in 'script': Getinfo probe failed for external search command 'geoip'"
However, if I manually install the app on the indexers (and restart) it does work. Would be much nicer if it just worked so I don't have to manually update N indexers. Any ideas how to debug or fix this?
Thanks Dave, but I did have some luck with the lookup geoip command instead. It's producing results now, but I will keep that in mind; my production system is distributed but 4.1.6 across the board.
Hey Kate,
I was working with 4.2.3 with a distributed deployment. You may want to try an older version. I believe the current version was released to address compatibility issues with 4.2.
Dave
Hi Dave,
Yes I'm actually testing it out on a standalone search head+indexer (my cloud sandbox) and am receiving the same error.
What version of Splunk are you running? I'm on 4.1.6 and wondering if there is some incompatibility?
Thanks,
Kate
Hey Kate,
I ran into the same problem recently. Do you have the Google Maps app installed on your indexer as well as the search head?
Dave