For the AMMAP application for the map, I followed the instructions and installed MAXMIND and the AMMAP app, but I can't get Splunk to plot the points on the map.
When I enter the search command like below,
I get the below error message and a chart-like view instead of map plots. Here is the error.
/opt/splunk/etc/apps/amMap/bin/map_results.py:76: SyntaxWarning: name 'app' is assigned to before global declaration
/opt/splunk/etc/apps/amMap/bin/map_results.py:77: SyntaxWarning: name 'outputFile' is assigned to before global declaration
Anybody have any tips on how to get this problem resolved?
I have a question on the population of the xml_out file: does the file get appended to or re-created when the search is run to populate it?
A clarification might be needed here.
When you pipe to mapit ... it kicks off a script that builds the home_threats_data.xml file.
Then you go back to the map dashboard.. and it will be populated using that home_threats_data.xml file.
You won't see any results in the search results area... it just shows the status of the script there.
You'll see instructions on how to make more maps on the howto page. But essentially it just builds a static xml that the flash map runs off of.
Not sure if this helped.. but when I first ran it I thought mine crashed.. but it didn't.
Hello,
I always get similar messages when I do a search with the "mapit" command.
/opt/splunk/etc/apps/amMap/bin/map_results.py:73: SyntaxWarning: name 'app' is assigned to before global declaration
  global app
/opt/splunk/etc/apps/amMap/bin/map_results.py:74: SyntaxWarning: name 'outputFile' is assigned to before global declaration
  global outputFile
INFO - get_results() :
But... the "mapit" command can create the output file in my environment: /opt/splunk/etc/apps/amMap/appserver/static/xmlout/home_threat_data.xml.
Then I can see some plots on the map, when I open "AMMAP View" under "AMMap" menu.
Could you try to check the App version? ( amMap/default/MANIFEST ) If your installed App is not the latest, could you try to upgrade it?
Could you try to check whether "home_threat_data.xml" file is created or not?
Check your "/opt/splunk/etc/apps/amMap/appserver/static/xmlout" folder.
Could you try to search without the "mapit" command?
I can see the results view containing the following values: "ip", "client_city", "client_country", "client_lat", "client_lon", etc. If you cannot get any "ip" or "client_lat" information, you may need to change your search commands to get IP addresses.
My Splunk environment is...
I hope it helps you to get the results that you want.
Thank you.
clyde772, the command "mapit" just creates an XML file specified by the "output_file" parameter. It doesn't draw any maps.
To show your map and data, you need to re-open "AMMAP View" as hiddenkirby explained below.
Could you try the following steps?
1. Find "home_threats_data.xml" under the "/opt/splunk/etc/apps/amMap/appserver/static/xmlout" folder.
2. Move "home_threats_data.xml" to any other folder.
3. Do search with the "mapit" command.
4. Check whether "home_threats_data.xml" is created, or not.
In my test environments, I can always find it, even if I see some SyntaxWarnings.
Thank you.
Suda,
It works without "mapit" command, but when I do "mapit" then I get,
/opt/splunk/etc/apps/amMap/bin/map_results.py:76: SyntaxWarning: name 'app' is assigned to before global
My env is :
* Splunk 4.1.2 running on Fedora Core 12, 64-bit.
* AMMAP 4.1.3
Still does not work. I am assuming many other people running Linux have the same issue.
What happens if you leave off the | mapit? Do you see results?