Security

* | geoip clientip returns error. HELP HELP! ___

hunterppp
New Member

I did * | geoip clientip

yet I get an error:

"External search command 'geoip' returned error code 1. First 1000 (of 9218) bytes of script output:" followed by the script output.

A screenshot is here:

http://tinypic.com/r/2hnb1cp/7

Tags (1)
0 Karma
1 Solution

ftk
Motivator

You can do:

* | geoip clientip

This will pipe all events in the index into the geoip tool.

View solution in original post

jrodman
Splunk Employee
Splunk Employee

Looks like you're getting an exception that splunk doesn't know how to parse. The main thing is it's returning failure (a nonzero exit code). You may want to capture from inside the script how it's being invoked and run it independently to investigate.

0 Karma

ftk
Motivator

You can do:

* | geoip clientip

This will pipe all events in the index into the geoip tool.

ftk
Motivator

Hmm. I don't think that screenshot tells us much as to what the error is. There should be a python.log in $SPLUNK_HOME/var/log/splunk/ That should have the full error message.

0 Karma

hunterppp
New Member

@ftk I've updated the question with an error, any help?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...