Re: Google Maps - geoip error

Kate_Lawrence-G · ‎10-11-2011

I've installed the Google Maps app on my search head but when try to run a search:

sourcetype="stuff" remote_ip=* | geoip remote_ip

I get the following error:

Error in 'script': Getinfo probe failed for external search command 'geoip'

   Traceback (most recent call last):
      File "/opt/splunk/etc/apps/maps/appserver/modules/GoogleMaps/GoogleMaps.py", line 53, in generateResults
        for result in getattr(job, entity_name)[offset:end]:
      File "/opt/splunk/lib/python2.6/site-packages/splunk/search/__init__.py", line 1219, in __getitem__
        self.job.pushValidation()
      File "/opt/splunk/lib/python2.6/site-packages/splunk/search/__init__.py", line 590, in pushValidation
        raise splunk.SearchException, fatality
    SearchException: Error in 'script': Getinfo probe failed for external search command 'geoip'

I installed the MAXMIND app as well but the result is the same.
I've restarted splunk but that has not resolved the issue either.

Thanks,

yannK · ‎12-12-2013

There were a bug in the app for distributed searches, fixed in 1.1.3
see http://apps.splunk.com/app/368/

Or install the app on all the search-peers.

asmall · ‎09-17-2013

Try:

sourcetype="stuff" remote_ip=* | stats count by remote_ip | geoip remote_ip

Kate_Lawrence-G · ‎07-10-2012

Hi,
Have you checked if the app is enabled at the indexer and is listed in the etc/apps directory after it replicates the bundle over from the search head?

You can check that status of installed apps with ./splunk display app. If it is disabled you can enable it by ./splunk enable app

If you are running deployment server you could also just roll it out that way.

@Kate

paranoid · ‎07-09-2012

I've just installed the Google Maps app on my search and seen the bundles distributed to my indexers. Unfortunately I get: "Streamed search execute failed because: Error in 'script': Getinfo probe failed for external search command 'geoip'"

however if I manually install the app on the indexers (and restart) it does work. Would be much nicer if it just worked so I don't have to manually update N indexers. Any ideas how to debug or fix this?

Kate_Lawrence-G · ‎10-12-2011

Thanks Dave but i did have some luck with the lookup geoip command instead. It's producing results now, but I will keep that in mind my production system is distributed but 4.1.6 across the board.

dshpritz · ‎10-12-2011

Hey Kate,

I was working with 4.2.3 with a distributed deployment. You may want to try an older version. I believe the current version was released to address compatibility issues with 4.2.

Dave

Kate_Lawrence-G · ‎10-12-2011

Hi Dave,
Yes I'm actually testing it out on a standalone search head+indexer (my cloud sandbox) and am receiving the same error.
What version of Splunk are you running? I'm on 4.1.6 and wondering if there is some incompatibility?

Thanks,

Kate

dshpritz · ‎10-11-2011

Hey Kate,

I ran into the same problem recently. Do you have the Google Maps app installed on your indexer as well as the search head?

Dave

Google Maps - geoip error

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

Google Maps - geoip error

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25