I need to create a circle of about 400 km around a particular lat/lon on Splunk Maps, and whenever an object which is also defined by a lat/lon enters the area of 400 km, I should be able to get an alert and view it in real time, and also be able to see when it leaves this particular area.
I was able to download the app but was not able to make it work by any means.
I would really really appreciate your input and help with this.
Thanks so much.
Drawing the circle and alerting on distance from a point are two different things.
Your real-time search is going to need to be calculating the distance from the center of that region every time an object of the relevant type appears/moves/changes. That is not difficult, but it could be quite resource intensive if the number of relevant objects is high, or if there is no way to eliminate far-distant objects from the search.
My suggestion is, on your base search, to kill all objects with lats or longs that are over 400 km from the center, and then calculate the actual distance only on the remaining subset.
For example, from Dallas, which is at +32.8 N +96.8 W, it might look something like:
| where lat < 37 AND lat > 29 AND long < 101 AND long > 93
Making this query optimized can be done through several means depending on the requirement.
But the primary issue is to have a circle on the map which is 350 km and changes with the lat and lon that comes through the logs. I have tried haversine and cannot get that app to work. Wondering if you have ever used it and might be able to shed some light on the subject. Also, I have installed the Shapester app, which lets me draw a circle on the map of 350 km. But I haven't been able to make that work either, as it seems to be giving me lookup errors.
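The approach from the answer above, carried through as an added Python example (not code from any poster in this thread, and not the Haversine app's own code): a cheap bounding-box filter, haversine distance only on what survives it, then enter/leave transitions per object. The event tuple layout, object IDs and sample points are constructed, and longitudes follow the answer's convention of writing Dallas as 96.8.

```python
import math

EARTH_RADIUS_KM = 6371.0  # mean Earth radius

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def bounding_box(lat, lon, radius_km):
    """Smallest lat/lon box containing the circle. Assumes the circle does
    not reach a pole or cross the 180-degree meridian."""
    ang = radius_km / EARTH_RADIUS_KM  # angular radius in radians
    dlat = math.degrees(ang)
    # A degree of longitude shrinks with latitude, so the box is wider in degrees.
    dlon = math.degrees(math.asin(math.sin(ang) / math.cos(math.radians(lat))))
    return lat - dlat, lat + dlat, lon - dlon, lon + dlon

def geofence_transitions(events, center_lat, center_lon, radius_km):
    """Return (time, object_id, 'enter' | 'leave') for each boundary crossing.
    events: time-ordered (time, object_id, lat, lon) tuples (assumed layout)."""
    lat_min, lat_max, lon_min, lon_max = bounding_box(center_lat, center_lon, radius_km)
    inside = {}  # last known state per object
    crossings = []
    for t, oid, lat, lon in events:
        now_inside = False
        # Cheap comparison first; trigonometry only for objects inside the box.
        if lat_min <= lat <= lat_max and lon_min <= lon <= lon_max:
            now_inside = haversine_km(center_lat, center_lon, lat, lon) <= radius_km
        if now_inside != inside.get(oid, False):
            crossings.append((t, oid, "enter" if now_inside else "leave"))
        inside[oid] = now_inside
    return crossings

# Constructed sample events; centre is the answer's Dallas example (32.8, 96.8).
SAMPLE_EVENTS = [
    (1, "A", 40.0, 96.8),   # outside the box, never reaches haversine
    (2, "A", 35.0, 96.8),   # about 245 km away: enters
    (3, "A", 33.0, 97.0),   # still inside: no alert
    (4, "B", 36.0, 100.5),  # inside the box corner but about 492 km away
    (5, "A", 37.5, 96.8),   # leaves
]

if __name__ == "__main__":
    for crossing in geofence_transitions(SAMPLE_EVENTS, 32.8, 96.8, 400):
        print(crossing)
```

Object B shows why the box alone is not enough for alerting: it passes the rectangular filter but sits outside the 400 km circle, so only the distance check decides.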