https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387295#M112988 <P>okay thanks for answering <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P> Tue, 28 May 2019 07:47:19 GMT alaaelbahrawy 2019-05-28T07:47:19Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387287#M112980 <P>what is the difference between cluster and cheograph maps in splunk? <BR /> and can i use cluster maps with coordinates not lat and long</P> Sun, 26 May 2019 07:43:08 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387287#M112980 alaaelbahrawy 2019-05-26T07:43:08Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387288#M112981 <P>Please find the links to two maps and details<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/latest/Viz/ChoroplethGenerate">https://docs.splunk.com/Documentation/Splunk/latest/Viz/ChoroplethGenerate</A><BR /> vs<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/latest/Viz/MarkerMap">https://docs.splunk.com/Documentation/Splunk/latest/Viz/MarkerMap</A></P> <P>The key difference is</P> <BLOCKQUOTE> <P>Choropleth maps have specific data and component requirements and is more complex. A search uses the data and components to generate a Choropleth map. (ie. Data with geographic coordinates,A lookup table file defines region boundaries,Geospatial lookup)</P> </BLOCKQUOTE> <P>while</P> <BLOCKQUOTE> <P>Cluster Maps is simpler, use the geostats command. The geostats command generates events that include latitude and longitude coordinates for markers.</P> </BLOCKQUOTE> <P>Cluster Maps needs lat &amp; long in decimal (pure number). Can you please convert from co-ordinates to lat-long? Something like the formulae i<A href="https://www.latlong.net/degrees-minutes-seconds-to-decimal-degrees">n this link</A></P> Sun, 26 May 2019 09:16:37 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387288#M112981 koshyk 2019-05-26T09:16:37Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387289#M112982 <P>thanks for answering,i tries yes to change the coordinates to long and lat but i wanted it in the first place for the following case<BR /> I want the map to appear more than 1 value. like <BR /> total, subtotal<BR /> 100,30<BR /> 50,20</P> <P>So that it can be for each country the number of total and subtotal. Can the cluster map help in this case?</P> Mon, 27 May 2019 11:49:18 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387289#M112982 alaaelbahrawy 2019-05-27T11:49:18Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387290#M112983 <P>Hi @alaaelbahrawy,</P> <P>In the link below you can find the options for the cluster-map :</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/MarkerMap">https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/MarkerMap</A></P> <P>As you can see it leverages <CODE>geostats</CODE>to build the visualization which means you're limited to the number of parameters <CODE>geostats</CODE> takes which is this case is only one field, either total or subtotal : <A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Geostats">https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Geostats</A></P> <P>Cheers,<BR /> David</P> Mon, 27 May 2019 12:00:34 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387290#M112983 DavidHourani 2019-05-27T12:00:34Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387291#M112984 <P>cluster map uses geostats and normally it is aggregated for one value at a time.<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Geostats">https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Geostats</A></P> Mon, 27 May 2019 14:05:26 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387291#M112984 koshyk 2019-05-27T14:05:26Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387292#M112985 <P>okaay i get it now. So can choropleth maps also use 2 values or 1 also? or is there any other way to do so using the maps.</P> Tue, 28 May 2019 07:38:17 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387292#M112985 alaaelbahrawy 2019-05-28T07:38:17Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387293#M112986 <P>okay good. is there is any other way to draw 2 values in splunk maps?</P> Tue, 28 May 2019 07:40:02 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387293#M112986 alaaelbahrawy 2019-05-28T07:40:02Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387294#M112987 <P>One value at a time <span class="lia-unicode-emoji" title=":winking_face:">😉</span> try looking for custom visualizations maybe something can add 2 values instead ?</P> Tue, 28 May 2019 07:44:08 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387294#M112987 DavidHourani 2019-05-28T07:44:08Z https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387295#M112988 <P>okay thanks for answering <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P> Tue, 28 May 2019 07:47:19 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Maps/m-p/387295#M112988 alaaelbahrawy 2019-05-28T07:47:19Z