Today, after upgrading to Splunk 6.1 I realized, that some GeoIP data in dashboards was missing. By using the lookup search command to get the country from an IP address like :
| stats count | eval ip=”188.8.131.52″ | lookup geoip clientip as ip
I got an error message, which showed that the lookup was somehow not working. Read more →
There are certain troubleshooting scenarios where you want to get access to the data from the local Edgesight database. Technically the Edgesight agent collects all the data from the running local host in a local Firebird database and uploads the data in a configurable timeframe into the central MSSQL database.
So if you have e.g. data missing in the MSSQL database you might want to know if the data is not collected from the agent (you might want to update it) or if the consolidation from the Firebird database to the MSSQL databas is an issue. Read more →