Solved: * | geoip clientip returns error. HELP HELP! ___

hunterppp · ‎12-10-2010

I did * | geoip clientip

yet I get an error:

"External search command 'geoip' returned error code 1. First 1000 (of 9218) bytes of script output:" followed by the script output.

A screenshot is here:

http://tinypic.com/r/2hnb1cp/7

ftk · ‎12-10-2010

You can do:

* | geoip clientip

This will pipe all events in the index into the geoip tool.

View solution in original post

jrodman · ‎12-15-2010

Looks like you're getting an exception that splunk doesn't know how to parse. The main thing is it's returning failure (a nonzero exit code). You may want to capture from inside the script how it's being invoked and run it independently to investigate.

ftk · ‎12-10-2010

You can do:

* | geoip clientip

This will pipe all events in the index into the geoip tool.

ftk · ‎12-13-2010

Hmm. I don't think that screenshot tells us much as to what the error is. There should be a python.log in $SPLUNK_HOME/var/log/splunk/ That should have the full error message.

hunterppp · ‎12-10-2010

@ftk I've updated the question with an error, any help?

* | geoip clientip returns error. HELP HELP! ___

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation