All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

No geo location info in Google Maps app?

echojacques
Builder
‎08-22-2013 08:43 AM

Hello everyone,

I'm running Splunk 5.0.4 on Linux and installed the Google Maps app. When I access the app, I see the normal search bar at the top and then a world map on the bottom half of the screen (so the app appears to be installed). Also, in my app settings, I have all of the options (GeoIP & cache) enabled.

When I run a simple all-inclusive "*" search on all data (last 15 minutes) I get search results with thousands of events and thousands of IP's in those events. But, no "dots" or location information on the map... it's just a blank map.

When I click on "Geo Results" it says: "No results found."

What am I doing wrong?

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-22-2013 10:36 AM

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-22-2013 10:36 AM

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip
Reply
Solved! Jump to solution

echojacques
Builder
‎08-22-2013 10:39 AM

That worked! Thanks for the info!

0 Karma
Reply
Solved! Jump to solution

echojacques
Builder
‎08-22-2013 09:19 AM

Yes, I have maxmind installed as well.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎08-22-2013 09:16 AM

Did you install the maxmind app?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...