All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do i create cluster map using cities geo locations in a csv

colinmchugo
Explorer
‎01-23-2018 03:31 AM

Hi All,

I have a list of cities from this open source https://www.maxmind.com/en/free-world-cities-database link. In my data, i have the names of cities for each event and I, therefore, want to create a map when a city is mentioned so i can see how many of X events per city and create a world map.

I have uploaded this txt file and saved it in a lookup table in Splunk as a .csv and i am wondering does anyone know how to do the rest?
I have an idea but a help would be great thanks.

Colin

0 Karma
Reply

dhirendra761
Contributor
‎12-04-2018 01:04 AM

This app will be helpful:
https://splunkbase.splunk.com/app/3124/

0 Karma
Reply

cmerriman
Super Champion
‎01-23-2018 05:41 AM

here is some documentation to follow. https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Viz/MarkerMap

in your csv, based on the data from maxmind, you should have the latitude and longitude.
use basesearch|geostats latfield=latitude longfield=longitude count

0 Karma
Reply

colinmchugo
Explorer
‎01-24-2018 02:44 AM

Thank you @cmerriman

I will look into this. Turns out i am being to detailed and all i really need to do is create a csv and then use a search to cross reference this csv which has about 20 rows like the following example

office code office country Lattitude Longitude
US-CA California US 36.778261 -119.4179324

So if i wanted to create a cluster map from data that has the office code, have you suggestions how I would do this? I know its using lookup& possibly geostats but i am unsure how to build the map from something that is not an IP address.

thanks so much

C.

0 Karma
Reply

cmerriman
Super Champion
‎01-24-2018 05:09 AM

if your data has the office code, you can join it to your csv with something like this:

index=office_code_data
|table office_code other_interesting_fields 
|join office_code [|inputlookup office_code.csv]
|geostats latfield=latitude longfield=longitude count
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...