I'm testing Splunk 6. It's a single server with 1 data input configured (syslog UDP port 514). I'm receiving the messages from my firewalls fine and I can run manual searches on the logs. I'm trying out the Cisco Security Suite. Pretty much every time I try to use it either the map doesn't show any overlays or I get the following error.
Traceback (most recent call last):
File "C:\Program
Files\Splunk\etc\apps\maps\appserver\modules\GoogleMaps\GoogleMaps.py",
line 53, in generateResults
for result in getattr(job, entity_name)[offset:end]: File
"C:\Program
Files\Splunk\Python-2.7\Lib\site-packages\splunk\search_init.py",
line 1332, in __getitem_
self.job.pushValidation() File "C:\Program
Files\Splunk\Python-2.7\Lib\site-packages\splunk\search_init_.py",
line 637, in pushValidation
raise splunk.SearchException, fatality SearchException: Error in
'script': Getinfo probe failed for
external search command 'geoip'
I ran a test to isolate the issue by just running a manual search with geoip on the src_ip and it worked perfectly without an errors so I know that geoip is working. What could be causing these errors with the Cisco Security Suite and the map?
... View more