All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

No geo location info in Google Maps app?

echojacques
Builder
‎08-22-2013 08:43 AM

Hello everyone,

I'm running Splunk 5.0.4 on Linux and installed the Google Maps app. When I access the app, I see the normal search bar at the top and then a world map on the bottom half of the screen (so the app appears to be installed). Also, in my app settings, I have all of the options (GeoIP & cache) enabled.

When I run a simple all-inclusive "*" search on all data (last 15 minutes) I get search results with thousands of events and thousands of IP's in those events. But, no "dots" or location information on the map... it's just a blank map.

When I click on "Geo Results" it says: "No results found."

What am I doing wrong?

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-22-2013 10:36 AM

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-22-2013 10:36 AM

You still have to call the geoip command to get this to show up on the map.

Examples from the docs:

Perform a geolocation lookup for values of the clientip field in access_combined events:

sourcetype=access_combined | geoip clientip

Same as the previous example, but also perform DNS lookups in case when the value of the clientip field is a hostname and not an IP:

sourcetype=access_combined | geoip clientip resolve_hostnames=true

Same as the first example, but using the geo lookup instead of the command

sourcetype=access_combined | lookup geo ip as clientip
Reply
Solved! Jump to solution

echojacques
Builder
‎08-22-2013 10:39 AM

That worked! Thanks for the info!

0 Karma
Reply
Solved! Jump to solution

echojacques
Builder
‎08-22-2013 09:19 AM

Yes, I have maxmind installed as well.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎08-22-2013 09:16 AM

Did you install the maxmind app?

0 Karma
Reply
Get Updates on the Splunk Community!

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...