Hi, I am using Splunk 4.2 and downloaded Google Maps app.
I am trying to have mapped several fixed locations, out of a local CamGeo.csv file at Splunk server, which data was added to Index "tigre".
The file contains sample data like this:
CamName,Latitude,Longitude
CAM001,-34.43164256,-58.58422379
CAM002,-34.4249198,-58.59978943
CAM003,-34.43167498,-58.59379176
If I use search within the Google Maps app initial screen "search index="tigre" source=CamGeo.csv " I am getting back the 47 events that the file contains. The search is getting data properly separated on fields "CamName" , "Latitide" and "Longitude"
However the map part of the screen shows 0 results with location information ( 0 distinct locations ) over all time
I need to know how to pass these fiels to the app so that they are shown on map.
Thanks!
Cesar
The documentation for the app specifies that the field you need in the rows is called "_geo", of the form "
http://splunk-base.splunk.com/apps/22365/google-maps
So if you've already got fields called Latitude and Longitude successfully extracted, this will work:
index="tigre" source=CamGeo.csv | eval _geo=Latitude+Longitude
and the app also provides a geonormalize
command that may see the uppercase Latitude and Longitude fields and convert them automatically, but I cant say for sure.
The documentation for the app specifies that the field you need in the rows is called "_geo", of the form "
http://splunk-base.splunk.com/apps/22365/google-maps
So if you've already got fields called Latitude and Longitude successfully extracted, this will work:
index="tigre" source=CamGeo.csv | eval _geo=Latitude+Longitude
and the app also provides a geonormalize
command that may see the uppercase Latitude and Longitude fields and convert them automatically, but I cant say for sure.
Sadly genormalize only detects lowercase fieldnames... I'll fix that in a future version.