All Apps and Add-ons

MapIt doesn't map it



Have installed AMMap and Maxmind per instructions here and in documentation. Using this formula:

sourcetype="Sites*" Preview fromHost!="'10.*'" | rex
"'(?<fromHost>\d+.\d+.\d+.\d+)'"|  stats count by fromHost | head  100 | eval
count_label="Login" |
eval iterator="fromHost" | eval iterator_label="IP" | eval
movie_color="#FF0000" | eval output_file="home_threat_data.xml" | eval
app="amMap" | lookup geoip clientip as fromHost

I'm able to generate results (which I can't post without enough 'karma', but trust me, I'm seeing cities, countries, lat, long, region, etc..)

However, when I use the | mapit command, all of a sudden 'no events were found'. When I run a check of the Splunk logs there are entries which coincides with each | mapit request:

Fri Nov 08 11:31:03 2013 - ERROR - Traceback:Traceback (most recent call last):
  File "D:\splunk\etc\apps\amMap\bin\", line 180, in run
    result_dict_list = get_results()
  File "D:\splunk\etc\apps\amMap\bin\", line 41, in get_results
    if results[0].has_key("app"):
IndexError: list index out of range

Any ideas on what might be happening? Appreciate any tips!

0 Karma


Hi benefitcos,

Just had the same problem today, when implementing the amMaps at a costumer which does not allow Internet access from the Splunk search head, so I had to setup amMap. The error was exactly the same and after checking the code, I realized that the there was some field missing in the stats, so including the field in the stats solved this.

Also be aware that you can use mapit in a HiddenPostProcess but you must use the the stats and all the eval commands in the HiddenPostProcess otherwise it will not work.

hope this helps ...

cheers, MuS


hi , i'm having the same issue.
if someone can help it would be great.


0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...