All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

No geo location info in Google Maps app?

echojacques
Builder
‎08-22-2013 08:43 AM

Hello everyone,

I'm running Splunk 5.0.4 on Linux and installed the Google Maps app. When I access the app, I see the normal search bar at the top and then a world map on the bottom half of the screen (so the app appears to be installed). Also, in my app settings, I have all of the options (GeoIP & cache) enabled.

When I run a simple all-inclusive "*" search on all data (last 15 minutes) I get search results with thousands of events and thousands of IP's in those events. But, no "dots" or location information on the map... it's just a blank map.

When I click on "Geo Results" it says: "No results found."

What am I doing wrong?

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-22-2013 10:36 AM

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-22-2013 10:36 AM

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip
Reply
Solved! Jump to solution

echojacques
Builder
‎08-22-2013 10:39 AM

That worked! Thanks for the info!

0 Karma
Reply
Solved! Jump to solution

echojacques
Builder
‎08-22-2013 09:19 AM

Yes, I have maxmind installed as well.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎08-22-2013 09:16 AM

Did you install the maxmind app?

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...