All Apps and Add-ons

How do i create cluster map using cities geo locations in a csv

colinmchugo
Explorer

Hi All,

I have a list of cities from this open source https://www.maxmind.com/en/free-world-cities-database link. In my data, i have the names of cities for each event and I, therefore, want to create a map when a city is mentioned so i can see how many of X events per city and create a world map.

I have uploaded this txt file and saved it in a lookup table in Splunk as a .csv and i am wondering does anyone know how to do the rest?
I have an idea but a help would be great thanks.

Colin

0 Karma

dhirendra761
Contributor

This app will be helpful:
https://splunkbase.splunk.com/app/3124/

0 Karma

cmerriman
Super Champion

here is some documentation to follow. https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Viz/MarkerMap

in your csv, based on the data from maxmind, you should have the latitude and longitude.
use basesearch|geostats latfield=latitude longfield=longitude count

0 Karma

colinmchugo
Explorer

Thank you @cmerriman

I will look into this. Turns out i am being to detailed and all i really need to do is create a csv and then use a search to cross reference this csv which has about 20 rows like the following example

office code office country Lattitude Longitude
US-CA California US 36.778261 -119.4179324

So if i wanted to create a cluster map from data that has the office code, have you suggestions how I would do this? I know its using lookup& possibly geostats but i am unsure how to build the map from something that is not an IP address.

thanks so much

C.

0 Karma

cmerriman
Super Champion

if your data has the office code, you can join it to your csv with something like this:

index=office_code_data
|table office_code other_interesting_fields 
|join office_code [|inputlookup office_code.csv]
|geostats latfield=latitude longfield=longitude count
0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...