Good day
I am a new user on Splunk Enterprise and am trying to generate a map from search data.
The guy that developed the original search that I am using is no longer working here and unavailable to ask.
When I run the following search
index=radware host=x.x.x.x action="drop" NOT src="y.y.y.y" NOT src="0.0.0.0" |fields src | stats count as _geo_count by src | geoip src | search _geo=*
I do get a result set with seemingly valid results
![alt text][1]
However when I go to the visualization tab I just get a blank map
![alt text][2]
Going through older reports (stored outside of Splunk as pdfs) the above search returns valid maps.
The fact that I am getting valid results and a blank map indicates to me that the search is not the issue but could be a formatting issue.
Some advice on where to look next would be appreciated.
Thanks
[1]: /storage/temp/159208-splunk-search-results.jpg
[2]: /storage/temp/159209-blank-map.jpg
↧