|
I've installed Google Maps and am running a very simple search. It did work for me for a bit but now I keep getting an error. I narrowed it down to the geoip command. I'm running the following search command in the standard search view (not map view):
and I'm getting the following message in the events are:
I tried filtering the events to ensure that remote_ip is not null and is a valid IP address. When I try piping the results through "head" first, it usually works - even if the limit is higher than the total number of events (where without the "head" it would fail). Any help would be greatly appreciated. |
|
What you're seeing is the whole search process crashing. This might not be directly caused by geoip command. There should be some crash-logs in your $SPLUNK_HOME/var/log/splunk directory. I'd suggest creating a support case with these logs. Have you installed the Maxmind C API? Thanks for the quick response. I installed the MAXMIND app and the Google Maps app, not sure if that installs the API as well. I haven't changed any of the default settings though - it's still set to use the python pygeoip API. Do you happen to know what these crash logs should look like? I'm seeing only the standard set of splunk logs there. Any way to debug what's gone wrong?
(26 Jun '11, 02:57)
spock_yh
|
