Dashboards & Visualizations

Cluster map

gjhaaland
Explorer

Hi,

I  have created a Cluster Map that show number of counts  based on number of ASA blocked actions.  The circle size is based on number of hits. A bigger circle represent more counts than a small circle.  So far so good. It looks ok, but would be even better if I could change color based on number of counts/hits. 

Is it also possible change color based on destination portnumber (80,23,22++) 

 

Thanks 

Geir

Labels (1)
0 Karma
1 Solution

bowesmana
SplunkTrust
SplunkTrust

In the Splunkbase site details tab there is a link to the github documentation

https://github.com/sghaskell/maps-plus

Also, there are lots of examples in the app itself, so you can look at those searches to see how they are producing things.

View solution in original post

0 Karma

gjhaaland
Explorer

Thanks 

0 Karma

bowesmana
SplunkTrust
SplunkTrust

If you want to get a lot of flexibility with maps, then use the maps+ vizualisation

https://splunkbase.splunk.com/app/3124

You have a number of options for defining colour by adding your colour values to the rows of your results

 

0 Karma

gjhaaland
Explorer

Hi,

Thanks.  I have installed the image but it looks some difficult to use it.  Is it possible to get manual or description how to use it? 

Rgds

Geir

0 Karma

bowesmana
SplunkTrust
SplunkTrust

In the Splunkbase site details tab there is a link to the github documentation

https://github.com/sghaskell/maps-plus

Also, there are lots of examples in the app itself, so you can look at those searches to see how they are producing things.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...