Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Geostats display custom column

rsokolova
Path Finder
‎05-07-2019 11:36 AM

Thanks in advance. I'm struggling trying to display the amount of requests per zip code however its just showing the amount of zip codes.

Search:
index=soa source="export.csv" host="misssplunksh01.corp.rndc-usa.com" index="soa" sourcetype="csv"
| geostats latfield=GEO_LAT longfield=GEO_LONG sum(TOTAL_SALES) by Zip

How the data looks like:

alt text

How the map looks like.
alt text

Please let me know if something is unclear , thanks again

Preview file
34 KB
Preview file
70 KB
0 Karma
Reply

woodcock
Esteemed Legend
‎07-06-2019 03:22 PM

Check out the geo-based examples in the Splunk Dashboard Examples app:
https://splunkbase.splunk.com/app/1603/

0 Karma
Reply

quantum_view
New Member
‎05-07-2019 09:08 PM

Try;
|stats values(TOTAL_SALES) as "Total Sales" by Zip
Sum grabs the total of all field values while stats values grabs the each key of each value and outputs them. Let me know the news pls.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎05-07-2019 01:22 PM

Please add the SPL you used to create the table/map.

cheers, MuS

Reply

rsokolova
Path Finder
‎05-07-2019 01:55 PM

Thanks for helping @MuS , I've added the search to the main post.... Also tried using count , without by clause and using other app which is called maps for splunk but no luck so far.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎05-07-2019 02:16 PM

Have you tried:

| geostats latfield=GEO_LAT longfield=GEO_LONG count(request_field_name) AS requests by Zip
0 Karma
Reply

rsokolova
Path Finder
‎05-07-2019 05:47 PM

@MuS , just tried but didn't work.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎05-07-2019 08:11 PM

Can you please add some anonymised event samples?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...