I always get
ERROR
An unknwon error occured while performing the geoip lookup:
Is there something I have to set up or pay attention to?
Splunk 5.1 running on SLES11 64bit
In the production environment it works, whereas in the integration environment it won't, resulting in this error.
The extracted field name is 'IP' in caps? Just want to make sure you've got the proper field. I've seen this issue if you tried to use a look up on a field and you had the case incorrect.
Hi,
Yes, the field is IP, uppercase. I need to update the article; I have it running in production and somehow it won't in integration (??)
I took the plunge and installed in our Production environment with the same search, so I presume something is amiss.
Search is
index="asa" IP="*" | dedup IP | geoip IP
with IP being the public IP
What is your search string?