All Apps and Add-ons

No geo location info in Google Maps app?

Builder

Hello everyone,

I'm running Splunk 5.0.4 on Linux and installed the Google Maps app. When I access the app, I see the normal search bar at the top and then a world map on the bottom half of the screen (so the app appears to be installed). Also, in my app settings, I have all of the options (GeoIP & cache) enabled.

When I run a simple all-inclusive "*" search on all data (last 15 minutes) I get search results with thousands of events and thousands of IP's in those events. But, no "dots" or location information on the map... it's just a blank map.

When I click on "Geo Results" it says: "No results found."

What am I doing wrong?

Thanks.

0 Karma
1 Solution

Splunk Employee
Splunk Employee

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip

View solution in original post

Splunk Employee
Splunk Employee

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip

View solution in original post

Builder

That worked! Thanks for the info!

0 Karma

Builder

Yes, I have maxmind installed as well.

0 Karma

Legend

Did you install the maxmind app?

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!