All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Basic installation/configuration of Maps+ app

hgtsecurity
New Member
‎01-27-2020 09:20 AM

I am currently trying to get Maps+ functioning in our environment and had some questions before doing so:
Does this app include all visualizations/capabilities in the download?
Does the app require internet access to pull additional data?
If we decide to not use the API functionality, will the Leaflet plugins be able to do everything as advertised?
What are the standard installation steps for getting the app to work?
Thanks for any information in advance.

0 Karma
Reply

shaskell_splunk
Splunk Employee
Splunk Employee
‎01-27-2020 09:55 AM

The app comes complete with everything you need. The search head will need an Internet connection to access the tile servers to render the map. Install is the same as any other Splunk app. You can install through the UI, deployment server, search head cluster master, CLI... My guess is you're running into issues since you're not connected to the Internet.

You can use Splunk’s map tiles, but they don’t work well since they lack fidelity as you zoom in. They only goes to zoom level 7. Anything beyond that is just greyed out since there are no tiles. They work well for Splunk’s default maps since it’s just using geostats and high level aggregate data to provide a pie chart. Maps+ gives you individual point detail and requires greater fidelity to be useful.

Here’s the setting to plug into the Map Tile Override format menu option to use Splunk’s tiles.

http://:8000/en-US/splunkd/__raw/services/mbtiles/splunk-tiles/{z}/{x}/{y}

It’s possible to use an offline tile server, but it’s something you’d need to host yourself and it isn’t trivial to setup and requires a lot of compute resources. There are a lot of guides out there on how to do it. Here’s one such guide.

https://switch2osm.org/serving-tiles/

To sum it up, there really isn’t a great solution for offline use.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...