AmMaps never populate

New Member


When running the test script for AmMaps within my Free Enterprise Evaluation of Splunk (latest ver), no public information appears within the AmMap. Here is the test script:

  • | rex "(?<ip>\d+\.\d+\.\d+\.\d+)" | search ip!=192.168* ip!=0.0.* ip!=10.* | stats count by ip | head 100 | eval countlabel="Event" | eval iterator="ip" | eval iteratorlabel="IP" | eval moviecolor="#FF0000" | eval outputfile="homethreatdata.xml" | eval app="amMap" | lookup geoip clientip as ip | mapit

Prior to running this scan I imported several static web logs from our web servers which do contain public IPs.

What other search scripts would be good to test AmMaps with?

Why is it that every time I run a search within the AmMaps window (map visible below the search bar), I am immediately taken back to the original search page (no map visible)?

Any suggestions would certainly be appreciated.

0 Karma

New Member

MAXMIND was installed prior and Splunk has been rebooted twice.

0 Karma