Hey, I haven't answer yet because I wasn't sure about the solution.

Since nobody answer me I don't see the necessity to downvoted this, but anyway, I will exposure my last search which worked, but still not sure of the reason.

This is the first search, the one I wrote in the question:

 index="*alerts"    | dedup Alert    | rename Country as country    | lookup countries.csv  country | rename latitude as lat | rename longitude as lon |eventstats count(Alert) as alerts by country  | geostats  count(alerts) by country globallimit=0

And this one is the working one:

index="*_alerts" | dedup Alert | lookup customer_details.csv  Customer| lookup geo_countries longitude as Longitude, latitude as Latitude | stats count by Country | geom geo_countries  featureIdField="Country"

I guess at the begging, not knowing how the geo_countries lookup was working, I tried another lookup with country information and maybe the geostats was not able to proceed all the longitudes and latitudes and some of the countries disappear because the lack of this information, not in the table but in the process.
Then, after some time doing some test with this lookup table and the geo_attr_us_states default lookup table, I was stating to understand how this default lookup tables were working, and finally, after some test worked out with USA geo stats, I went to use the world geo stats table, and it results.

I had to rename some fields as country (to merge the index and the lookup table) and the latitude and logitude to then do the geom geo_countries. I've found out that besides selecting a field to do the count, this field has to be indicated to as featureIdField.

As you can understand, I'm not sure why the first search didn't work, I've just change to use the splunk default tables for the maps instead of using the other one found in another post (I've consult a lot of questions related to maps).

Sorry for not being able to help more, because as you see, I don't have a concrete solution for this, I've just try a workaround until something worked.

Anything, write again and I will be glad to try to answer or assist in this kind of searches.

Thanks for following up. I did work on my similar issue yesterday and found that if I put a high limit first with the globallimit=0, it mapped all my data:

| top limit=50000 something,Latitude,Longitude
| geostats globallimit=0 latfield=Latitude longfield=Longitude count by something

Using top fixed it for me. Thanks!

Interesting...... Good to know this version too, It might be helpful!

Thank you. Have you indicate something about usenull or useother to be false too? Just to know more.

I downvoted this post because how?

Hi @kskujawa

Please do not downvote someone unless they've suggested something that is not best practice and could potentially do harm in a Splunk environment. Simply comment to ask for more information in the future, and upvote questions, comments, and answers that you find helpful. To learn more about voting etiquette in this community and Splunk Answers, check out this previous Answers post on the topic:
https://answers.splunk.com/answers/244111/proper-etiquette-and-timing-for-voting-here-on-ans.html

Hi @marina_rovira

Glad you were able to solve your question, but would you actually be able to share your final working solution here so other users can learn how you got your desired result?