I have a 6.1 Enterprise cluster - two heads, three indexers, heavy forwarder. I'm trying to install the Google Maps app. I've installed it on the search head and on the indexers via the cluster-bundle.
I've run into what seems like this problem: http://answers.splunk.com/answers/135685/geoip-command-stops-working-after-upgrade-to-611-geoip-data...
But the suggested fix doesn't work because the path to the database file on the indexers is different to that on the head - i.e. there is no single path I can put into geoip.conf in order to make the error go away.
I can answer my own question now, as I've just fixed this with help from Splunk support.
I had to do the following:
1) Install the google maps app on the search head and on the indexers - don't use the "cluster bundle" technique - actually log into the indexers and install the app that way.
2) Make the fix in this ticket http://answers.splunk.com/answers/135685/geoip-command-stops-working-after-upgrade-to-611-geoip-data... to the geopip config file on the search head only
3) Restart head and three indexers
I can answer my own question now, as I've just fixed this with help from Splunk support.
I had to do the following:
1) Install the google maps app on the search head and on the indexers - don't use the "cluster bundle" technique - actually log into the indexers and install the app that way.
2) Make the fix in this ticket http://answers.splunk.com/answers/135685/geoip-command-stops-working-after-upgrade-to-611-geoip-data... to the geopip config file on the search head only
3) Restart head and three indexers