I have installed the latest versions of the Google Maps app and MAXMIND (amMaps works). Whenever I attempt to perform a search, the results will find IP addresses, but never place them on the map. I see there are other people who have the same concern as me, but there is no definitive answer online. I have even run these queries as the administrator. How do I get the IP addresses to be geospatially mapped?
Here are some queries I've tried:
* | lookup geoip clientip | geonormalize
sourcetype=syslog | lookup geoip clientip | geonormalize
* | rex "(?<ip>\d+\.\d+\.\d+\.\d+)" | eval clientip=ip | lookup geoip clientip | geonormalize
* | rex "(?<ip>\d+\.\d+\.\d+\.\d+)" | lookup geoip clientip | geonormalize
* | rex "(?<ip>\d+\.\d+\.\d+\.\d+)" | eval clientip=ip | lookup geoip clientip | geonormalize
sourcetype=syslog | rex "(?<ip>\d+\.\d+\.\d+\.\d+)" | eval clientip=ip | lookup geoip clientip | geonormalize
All of these queries result in 0 different locations found, despite all of the events having IP addresses (and return results in the regular search mode).