I am very new to this splunk world. pls let me know the steps to use google map addon in splunk.. and also is it possible to use the latitude and longitude data(already present in my file) to plot country in google map?? Please share your answers....Thanks in advance..:-)
source="E:\data\newdata\voicecdr1mil.csv" NOT "CallingCellID" TerminationReason!=1 | table CallingCellID | where CallingCellID!=" " | eval BaseTransceiverStationCode=substr(CallingCellID,11,4)| table BaseTransceiverStationCode | join BaseTransceiverStationCode [search source="E:\data\BTSInformation1.txt"] | table BaseTransceiverStationCode,Longitude,Latitude. This is my search query. I want cities to be plotted on map so pls let me know how to do this using latitude and longitude data?? Thanks in advance.
What problems have you had in particular?
The detail in the summary page and in the example dashboards with the app are all really clear and its one of the easiest apps to get installed and get started with 🙂 (its been around a while)
You don't need to start a new question to continue this one on, in answer to your query, have you read the link I pasted in the other answer? (where you downloaded it from).
From those docs;
Manual building the _geo field If you don't want to use the geonormalize command or if the location fields do not match any naming scheme, you can manually build the _geo field. Example: eventtype=phone_activation | eval _geo=phone_loc_1+","+phone_loc_2 (Assuming that phone_loc_1 contains the latitude and phone_loc_2 contains the longitude)
Basically, the app uses a _geo field to build the coordinates to plot on the map, follow the instructions above to build this manually for your query. Also bear in mind that you won't see the field appear if you test it in a flashtimeline as _ fields are hidden.
To test it you could do
| eval geo=... to make sure its building the right field first.
Just as you would with any other module, put a search upstream from the google maps module with the _geo field being populated. For some good examples have a look at the Google Maps app once installed, it has example dashboards that you can copy and just edit the searches of.
If you go to Manager in the top right, click on Apps, then next to Google maps is a permissions box, change the permissions so it exports globally, Not just for this app.