All Apps and Add-ons

Google Maps - geoip error

Kate_Lawrence-G
Contributor

I've installed the Google Maps app on my search head but when try to run a search:

sourcetype="stuff" remote_ip=* | geoip remote_ip

I get the following error:

Error in 'script': Getinfo probe failed for external search command 'geoip'

   Traceback (most recent call last):
      File "/opt/splunk/etc/apps/maps/appserver/modules/GoogleMaps/GoogleMaps.py", line 53, in generateResults
        for result in getattr(job, entity_name)[offset:end]:
      File "/opt/splunk/lib/python2.6/site-packages/splunk/search/__init__.py", line 1219, in __getitem__
        self.job.pushValidation()
      File "/opt/splunk/lib/python2.6/site-packages/splunk/search/__init__.py", line 590, in pushValidation
        raise splunk.SearchException, fatality
    SearchException: Error in 'script': Getinfo probe failed for external search command 'geoip'

I installed the MAXMIND app as well but the result is the same.
I've restarted splunk but that has not resolved the issue either.

Thanks,

yannK
Splunk Employee
Splunk Employee

There were a bug in the app for distributed searches, fixed in 1.1.3
see http://apps.splunk.com/app/368/

Or install the app on all the search-peers.

asmall
Explorer

Try:

sourcetype="stuff" remote_ip=* | stats count by remote_ip | geoip remote_ip

Kate_Lawrence-G
Contributor

Hi,
Have you checked if the app is enabled at the indexer and is listed in the etc/apps directory after it replicates the bundle over from the search head?

You can check that status of installed apps with ./splunk display app. If it is disabled you can enable it by ./splunk enable app

If you are running deployment server you could also just roll it out that way.

@Kate

0 Karma

paranoid
Explorer

I've just installed the Google Maps app on my search and seen the bundles distributed to my indexers. Unfortunately I get: "Streamed search execute failed because: Error in 'script': Getinfo probe failed for external search command 'geoip'"

however if I manually install the app on the indexers (and restart) it does work. Would be much nicer if it just worked so I don't have to manually update N indexers. Any ideas how to debug or fix this?

0 Karma

Kate_Lawrence-G
Contributor

Thanks Dave but i did have some luck with the lookup geoip command instead. It's producing results now, but I will keep that in mind my production system is distributed but 4.1.6 across the board.

0 Karma

dshpritz
SplunkTrust
SplunkTrust

Hey Kate,

I was working with 4.2.3 with a distributed deployment. You may want to try an older version. I believe the current version was released to address compatibility issues with 4.2.

Dave

0 Karma

Kate_Lawrence-G
Contributor

Hi Dave,
Yes I'm actually testing it out on a standalone search head+indexer (my cloud sandbox) and am receiving the same error.
What version of Splunk are you running? I'm on 4.1.6 and wondering if there is some incompatibility?

Thanks,

Kate

0 Karma

dshpritz
SplunkTrust
SplunkTrust

Hey Kate,

I ran into the same problem recently. Do you have the Google Maps app installed on your indexer as well as the search head?

Dave

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...