All Apps and Add-ons

Can the Shapester - Geo Shape Editor app work to draw and set up geofencing within the Route Map Demo Application?

Imjusttesting
Explorer

I'm using the Route Map Demo App for one of my designs. Does Shapester allow me to draw and set up geofencing within Route Map?

https://splunkbase.splunk.com/app/1628/

Thanks 🙂

0 Karma
1 Solution

mporath_splunk
Splunk Employee
Splunk Employee

Assuming the lookup you chose is called geo_my_shapes, the search for geofence looks something like this:

...
 | lookup geo_my_shapes latitude longitude OUTPUT SchoolCompound 
 | featureId=*

If the result is not empty (> 1 line) that means the geofence "fired", and at least 1 event was within the fenced area. You could then trigger an alert based on that exact search.

View solution in original post

0 Karma

mporath_splunk
Splunk Employee
Splunk Employee

Assuming the lookup you chose is called geo_my_shapes, the search for geofence looks something like this:

...
 | lookup geo_my_shapes latitude longitude OUTPUT SchoolCompound 
 | featureId=*

If the result is not empty (> 1 line) that means the geofence "fired", and at least 1 event was within the fenced area. You could then trigger an alert based on that exact search.

0 Karma

Imjusttesting
Explorer

Hey Guys,

I ran into some issue with the app.

1) We created a user role so only they can see their respective Geofence in the lookup file. We set restriction for all individual users.

2) When we go into Shapster with 1 of the 'user role', we are able to see all the other user Geo_Lookup when we click on 'Load".

Is there a way to fix this?

0 Karma

mporath_splunk
Splunk Employee
Splunk Employee

That seems right providing that other geoshapes are permissioned to be seen by all users.
Try the reverse. Logging in as another user (not admin) and see if you can see the lookup you created

0 Karma

Imjusttesting
Explorer

not too sure if is anything that gotta do with the way i set the user role.
The Shapester is linked to another APP that i've created.
1) I've set only user role in that APP but not the Shapster APP.
Below is a screenshot of the user permission for the Shapster APP.

https://drive.google.com/file/d/0B1nXkGdlsvvPU3JDRDdQWHJ2VXM/view?usp=sharing

2) User a/b can set their own Geofencing but only see their respective Geofence area only.

0 Karma

Imjusttesting
Explorer

Yeap. I log in as another user (not admin) and i can see all the other users Geo_Lookup when i click on 'Load".

0 Karma

Imjusttesting
Explorer

Thanks Porath,

I misread the documentation in your app. I should be changing geo_my_shapes instead of featureId

So the search should read like below, assuming the area is geo_SchoolCompound

sourcetype=earthquakes 
| lookup geo_SchoolCompound latitude longitude OUTPUT featureId 
| stats max(mag) by featureId 
| geom geo_SchoolCompound featureIdField=featureId

I tried looking at the lookup file created after i draw the fenced area but i couldn't find a list of coordinates within the area. Just wondering what is the background behind to make this app works.

Also, will the search be extensive as there are new events coming in every few secs, thus Splunk have to do constant lookup every few sec too?

Btw, i saw the Splunk conference. Great speech 🙂

0 Karma

mporath_splunk
Splunk Employee
Splunk Employee

Thanks! Glad you liked it!

The lookup file creates a .kmz file. You can open it with GIS apps like Google Earth to review the coordinates.

As far as performance goes, the lookup is fairly performant and shouldn't pose much of a burden on your resources, contingent upon the magnitude of events of course.

0 Karma

Imjusttesting
Explorer

Yeah, is really good 🙂 I do have some feedback on how to improve the Geofencing but too bad I'm not a developer so i cant do it but i can provide some feedback 🙂

In term of the search language, am i on the right track ?
I apologise for asking that but my Splunk SPL is at the basic and i'm trying to learn everyday.

Noted. I guess is okay to handle about 100 devices for now. I've to put it in real world testing to know if that will be a burden on the resources.

Thanks so much

0 Karma

mporath_splunk
Splunk Employee
Splunk Employee

you're on the right track.
Again, instead of using stats and geom it will be enough for you to do this:

 sourcetype=earthquakes 
 | lookup geo_SchoolCompound latitude longitude OUTPUT featureId 
 | featureId=*

This filters out any event not in the geofence

0 Karma

Imjusttesting
Explorer

Great, you're a life saver

I'll give it a try and post here if it work or not 🙂

Finger cross

0 Karma

Imjusttesting
Explorer

Thanks Porath,

I did a search based on what you recommended and it works but within my search string I've to divide both Lat/Lon by 10000 before the search return the result.

I'll try to modify it and post here again if i've any other questions

0 Karma

jeffland
SplunkTrust
SplunkTrust

Based on your comments, you'll want to use your created shapes with a lookup to see if your coordinate belongs to any shape (and which one, if needed).

See this example:

| stats count | fields - count | eval lat="53" | eval lon="11" | lookup geo_countries longitude as lon, latitude as lat

This will show you that the given coordinates are in the geoshape named "Germany". If you change the search to this:

| stats count | fields - count | eval lat="55" | eval lon="14" | lookup geo_countries longitude as lon, latitude as lat

You'll notice that there is value for the field featureID, because the given coordinate is not inside any region defined in the shapefile.
If you do just that with your own shape and coordinates, you should be good to go.

Imjusttesting
Explorer

I assume your search is based on "Shapester".
The lookup is to informed me when did the device entered the shaped drawn and not if the coordinates belong to any shape. (Or maybe i misread you as it could be the same meaning)

Example, i've saved a drawn Geofencing in Shapester and named it as "School Compound" and that will appeared in the lookup file.
The area or radius i wish to Geofence is "52,258570, 10,51598"

I replaced featureID with SchoolCompound

Will the search string look something like this?

sourcetype=earthquakes 
| lookup geo_my_shapes latitude longitude OUTPUT SchoolCompound 
| stats max(mag) by SchoolCompound 
| geom geo_my_shapes featureIdField=SchoolCompound
| stats count | fields - count | eval lat="52,258570" | eval lon="10,51598" | lookup geo_countries longitude as lon, latitude as lat
0 Karma

jeffland
SplunkTrust
SplunkTrust

Not exactly. Shapester is an app with the sole purpose of aiding you when creating shapes from within splunk, it has nothing to do with the use of those shapes later on. The geo_countries lookup I mentioned is from splunk for example, everyone (with splunk 6.3+ of course) has it regardless of the fact whether Shapester is installed.

But you are right that you misread something as there is no difference in whether a coordinate (which your device sends) is within a shape or whether it "belongs" to a shape. I just tried to get you on the right track with what the idea behind all this is - there are shapes, and you can check whether a coordinate is within one of them (and if yes, which one).

The search you posted is a good start. You need a base search that will return data with coordinates (in your case, I guess sourcetype=earthquakes will do). To use the following lookup the way you do, your data has to have the fields latitude and longitude - if they are named Lat and Lon for example, you'll need to do

| lookup geo_my_shapes latitude as Lat longitude as Lon

After that OUTPUT however, you have to specify the field name you want to output - and that will always be featureId when dealing with these geoshapes. The value of this field can be SchoolCompound, but the field name is featureId.
After this lookup, you're almost done. As with all lookups, this will simply add the field(s) defined after OUTPUT to your existing data, so any event or line in a table with a coordinate that can be found in a shape of your lookup will have the corresponding value in the featureId field. You can also rename that field by using OUTPUT featureId as some_new_field_name.
At this point, you have all the info you need - if your coordinate is within your shape, you will see that by a non-empty feautreId field.

0 Karma

Imjusttesting
Explorer

@Jeffland,

Thanks for the input. I'm wondering if i can have your email and we can take this offline?
I've other related questions on this topic too

Many thanks

0 Karma

jeffland
SplunkTrust
SplunkTrust

Feel free to join #splunk if you seek direct support - its even easier than mail if you don't want to open separate questions here. I'm not that frequently there, but there is usually a bunch of people who can help you out (depending on the time of day of course - in my experience, before 6 or 7 pm UTC the channel is still rather sleepy).

0 Karma

Imjusttesting
Explorer

Thanks.

No problem 🙂

0 Karma

jeffland
SplunkTrust
SplunkTrust

The Shapester App lets you select your tiles from CartoDB Light and Dark, OpenStreetMap Mapnik and Esri WorldImagery as it is. If you know how to access the Route Map tiles, you can add them as a selection to the app (I believe you'll need to edit appserver/static/components/map/map.js). The tiles used in the Route Map app are simply google maps tiles though, so I doubt this is what you want.

Did you mean you want to be able to draw shapes inside the Route Map app, just like you can within the Shapester app? That would require you to combine the two, which I doubt is an easy task.

0 Karma

Imjusttesting
Explorer

I did look at the map but that is not what we are looking for. We are searching for a way to write a search so that Splunk is able to identify when the device is within the drawn area.

We tried to have a dashboard for user to input Lat/Lon but we dont really know how to write a search to determine/identify when a device is within the Geofencing area.

We explored "Shapester" but we face the same issue of not able to write a search to determine/identify when a device is within the Geofencing area.

0 Karma

Imjusttesting
Explorer

Thank Jeffland,

I dont need to Draw the shapes within Route Map, we are okay for the user to click on "Shapester" and bring them to the App to draw the Geofencing or Area.

But we are running a slight issue is that we're not too sure how we could write a search and tell Splunk that a certain device has entered the Geofence drawn on Shapester. (We have a device that is sending Lat/Lon data into Splunk every 30s.)

Appreciate your help on this

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...