I always get
2 An unknwon error occured while performing the geoip lookup:
Is there something i have to set up or pay attention to?
Splunk 5.1 running on SLES11 64bit
In Production environment it works whereas in the integration environment it won't resulting in this error.
The extracted field name is 'IP' in caps? Just want to make sure you've got the proper field. I've seen this issue if you tried to use a look up on a field and you had the case incorrect.
I took the plunge and installed in our Prudoction environment with the same search so i presume something is amiss.
index="asa" IP="*" | dedup IP | geoip IP
with IP being the public ip