Hello,
When running the test script for AmMaps within my Free Enterprise Evaluation of Splunk (latest ver), no public information appears within the AmMap. Here is the test script:
| rex "(?<ip>\d+\.\d+\.\d+\.\d+)" | search ip!=192.168* ip!=0.0.* ip!=10.* | stats count by ip | head 100 | eval count_label="Event" | eval iterator="ip" | eval iterator_label="IP" | eval movie_color="#FF0000" | eval output_file="home_threat_data.xml" | eval app="amMap" | lookup geoip clientip as ip | mapit
Prior to running this scan, I imported several static web logs from our web servers, which do contain public IPs.
What other search scripts would be good to test AmMaps with?
Why is it that every time I run a search within the AmMaps window (map visible below the search bar), I am immediately taken back to the original search page (no map visible)?
Any suggestions would certainly be appreciated.