All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Google Maps does not work on my splunk indexer

asarolkar
Builder
‎07-08-2012 07:39 PM

I installed the google maps app and I am "enabled" it under "Apps".

I go into the app and am trying to execute the following in the search bar that appears under "Google Maps" - but it does not work.

index=* sourcetype="access_combined"| geoip clientip | search clientip="199.47.245.5" | stats count by uri_path clientip_city | sort - count | stats list(clientip_city) AS city list(count) AS hits BY uri_path | rename uri_path AS uri | eval city=mvindex(city, 0, 4) | eval hits=mvindex(hits, 0, 4)

Note that data for this sourcetype is being forced inward into the indexer from a forwarder.

The /props.conf over under /apps/search/local ON THE INDEXER contains an entry for "access_combined".




I SEE THIS when I execute the results:

On the left there are 19 interesting fields that appear ( bytes, clientip, eventtype, file ) values for all of which get populated (you can see the sampling of indexed data associated with these fields coming in) - BUT NOTHING appears on the actual map

Instead, I see a blank google map and this message

0 results with location information ( 0 distinct locations) in the last 4 hours.

Any idea what is going on here ? If i can see values populated for clientip, bytes, eventtype etc, why can I not see those generated on the actual google map ? Am I missing something here ?

The great goal of this exercise is to get it to execute this search within the context of Google Maps -- and leverage the GoogleMaps element into the advanced xml creation of a non-form dashboard which contains this googleMaps saved search.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

asarolkar
Builder
‎07-17-2012 04:45 PM

So I guess the issue was that I was using Google Maps App 1.0 - WHICH IS NOT COMPATIBLE WITH Splunk Version 4.3.3 !

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

asarolkar
Builder
‎07-17-2012 04:45 PM

So I guess the issue was that I was using Google Maps App 1.0 - WHICH IS NOT COMPATIBLE WITH Splunk Version 4.3.3 !

0 Karma
Reply
Solved! Jump to solution

asarolkar
Builder
‎07-16-2012 02:36 PM

This is the search that I tried

sourcetype="access_c*" | table user bytes clientip client_ip_country_name clientIp_latitude clientip_longitude

When I runit in the "Search" app, I get results i the form of a table. I see actual values in the table

However, when I run this search in the Google Maps App (I go to App -> Google Maps) , no results actually appears on the map.

It has 15856 matching events but on the map it reads

0 results with location information (0 distinct locations) in the last 30 minutes

0 Karma
Reply
Solved! Jump to solution

asarolkar
Builder
‎07-16-2012 02:47 PM

It says loading preview- error loading preview and then bails out

0 Karma
Reply
Solved! Jump to solution

asarolkar
Builder
‎07-16-2012 02:43 PM

index=* sourcetype="access_combined" | geoip clientip

did not yield any results on the google map over any time interval (it gives me matching events - it does not give me any results on the map)

Error Loading preview
0 results with location information in the last 5 minutes

0 Karma
Reply
Solved! Jump to solution

ak
Path Finder
‎07-16-2012 02:39 PM

there is no _geo field being returned by that search. try just running "index=* sourcetype="access_combined"| geoip clientip" within the google maps app.

Reply
Solved! Jump to solution

ak
Path Finder
‎07-09-2012 11:27 AM

Taking a stab at this after looking through the google maps page

In order to plot search results on the map they have to have some kind of location information attached. This location information has to be included in a field with the name _geo and has to be formatted as ",".

By applying the various commands (especially the stats command) after the geoip, you are losing some internal info that is required by the maps app.

Perhaps try the same command with the "| geoip clientip" added again at the end?

Reply
Solved! Jump to solution

asarolkar
Builder
‎07-16-2012 01:52 PM

This is the search that I tried

sourcetype="access_c*" | table user bytes clientip client_ip_country_name clientIp_latitude clientip_longitude

When I runit in the "Search" app, I get results i the form of a table. I see actual values in the table

However, when I run this search in the Google Maps App (I go to App -> Google Maps) , no results actually appears on the map.

It has 15856 matching events but on the map it reads

0 results with location information (0 distinct locations) in the last 30 minutes

0 Karma
Reply
Solved! Jump to solution

ak
Path Finder
‎07-09-2012 11:37 AM

try running that in a regular search window and add "| table ANYFIELD1 ANYFIELD2 clientip clientip_country_name clientip_latitude clientip_logitude"

does that return anything?

how about just a table listing of your clientip address from your data (without passing it to geoip). there may be a problem with your source data not returning this key field.

Reply
Solved! Jump to solution

asarolkar
Builder
‎07-09-2012 11:29 AM

hi i tried doing sourcetype="access_combined"| geoip clientip and that did not produce any results apparently.

Any ideas ?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...