Solved: GeoIP works in Search but not in Enterprise Securi...

echojacques · ‎01-21-2014

Hello,

I'm having a strange problem where geoip works fine in Splunk search but not within the Enterprise Security app. In ES, I get the error "unknown search command 'geoip'". I can't figure out why it works in Search but not in ES. This problem is affecting some of our dashboards (any panel that uses geoip has the "unknown search command 'geoip'" error.

We are running the latest version of Splunk and ES (Splunk 6 and ES 3). Does anyone know what's going on?

Thanks

asimagu · ‎01-21-2014

I believe the maps app is still not showing compatibility with Splunk 6, you could swap the geoip command for the new iplocation command

http://docs.splunk.com/Documentation/Splunk/6.0.1/SearchReference/Iplocation

I hope that helps

View solution in original post

asimagu · ‎01-21-2014

I believe the maps app is still not showing compatibility with Splunk 6, you could swap the geoip command for the new iplocation command

http://docs.splunk.com/Documentation/Splunk/6.0.1/SearchReference/Iplocation

I hope that helps

echojacques · ‎01-22-2014

Thanks, I'll remove the Google maps app (I found it to be unreliable/unstable anyway) and use the iplocation command instead.

GeoIP works in Search but not in Enterprise Security?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?