Solved: * | geoip clientip returns error. HELP HELP! ___

hunterppp · ‎12-10-2010

I did * | geoip clientip

yet I get an error:

"External search command 'geoip' returned error code 1. First 1000 (of 9218) bytes of script output:" followed by the script output.

A screenshot is here:

http://tinypic.com/r/2hnb1cp/7

ftk · ‎12-10-2010

You can do:

* | geoip clientip

This will pipe all events in the index into the geoip tool.

View solution in original post

jrodman · ‎12-15-2010

Looks like you're getting an exception that splunk doesn't know how to parse. The main thing is it's returning failure (a nonzero exit code). You may want to capture from inside the script how it's being invoked and run it independently to investigate.

ftk · ‎12-10-2010

You can do:

* | geoip clientip

This will pipe all events in the index into the geoip tool.

ftk · ‎12-13-2010

Hmm. I don't think that screenshot tells us much as to what the error is. There should be a python.log in $SPLUNK_HOME/var/log/splunk/ That should have the full error message.

hunterppp · ‎12-10-2010

@ftk I've updated the question with an error, any help?

* | geoip clientip returns error. HELP HELP! ___

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

* | geoip clientip returns error. HELP HELP! ___

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine