AmMaps never populate

Hello,

When running the test script for AmMaps within my Free Enterprise Evaluation of Splunk (latest ver), no public information appears within the AmMap. Here is the test script:

| rex "(?<ip>d+.d+.d+.d+)"| search ip!=192.168 ip!=0.0. ip!=10.*| stats count by ip | head 100 | eval count_label="Event" | eval iterator="ip" | eval iterator_label="IP" | eval movie_color="#FF0000" | eval output_file="home_threat_data.xml" | eval app="amMap" | lookup geoip clientip as ip | mapit

Prior to running this scan I imported several static web logs from our web servers which do contain public ip's.

What other search scripts would be good to test AmMaps with?

Why is it that everytime I run a search within the AmMaps windows (map visible below the search bar), I am immediately taken back to the original search page (no map visible)?

Any suggestions would certainly be appreciated.

asked 06 May '11, 08:06

inarcisi
1
accept rate: 0%

edited 21 Dec '11, 14:20

lguinn ♦
3.1k●2●16

One Answer:

oldest newest most voted

0	MAXMIND was installed prior and Splunk has been rebooted twice. link answered 06 May '11, 08:08 inarcisi 1 accept rate: 0%

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

ammap ×19
blank ×5
enterprise ×4
evaluation ×4

Asked: 06 May '11, 08:06

Seen: 422 times

Last updated: 21 Dec '11, 14:20

AmMaps never populate

Follow this question

Splunk Resources

Related questions