How to plot transactions that have Latitude and Longitude already?

DotTest37
Path Finder

Our Web App already returns the lat and long on the Payload XML.
On the response you see something like this:
***-115.3751777777777836.542195555555555***

I successfully extracted fields with that and named them 'Latitude' and 'Longitude', but the Google Map app cannot see them (even though the fields are populated with data on the left side of the screen).

Has anybody been successful plotting Lat and Long directly from the XML response?
Thanks!!

1 Solution

sideview
SplunkTrust

Yep. I did this on an app I developed for one of my customers not long ago. We wanted to use the GoogleMaps module but we already had latitude and longitude in the events, so we didn't need the lookup.

You may be tripped up by the same thing I was, which is that while the lookup outputs lots of fields, the only fields the GoogleMaps module looks for are "_lat" and "_lng".

(Note the underscores and also note especially the lack of "o" in "_lng".)

Feed this to the GoogleMaps module and it should work.

<your search> | eval _lat=Latitude | eval _lng=Longitude

ziegfried
Influencer

Please note: In the new version you have to use the _geo field with the combined lat/lng value:

<your search> | eval _geo=Latitude+","+Longitude

DotTest37
Path Finder

Thanks for assisting me Nick!
Your suggestion worked perfect.
