You need to map those names to geographic locations (ie. latitude and longitude). Splunk builtin lookup mechanism is absolutely suited for such a use-case. A lookup table could look like this:
city,_geo "City1","47.11,8.15" "City2","28.77,7.99" ...
You can find more information on how to build lookups in Splunk here:
You should be able to find sources for such lookups somewhere in the internet. For example this site: http://geocoder.ca/?freedata=1 provides a table with US City names and their geographic location.
Another option is to use geocoding services, but that probably requires a lot resources and will slow down the search significantly.
I was trying to write some geocoding lookup script so any place or address can be changed into _geo. (or put google map API into map module so search results of names of place/addresses can be plotted on the map)
This works pretty good for me now, so I will go with this solution.
Hope you are doing good..!!! Did you able to complete the script for geocoding lookup? If Yes , can you please provide more details how we can use that script in Splunk?