- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Help with creating a geostats map with specific bu...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help with creating a geostats map with specific bubble color
I have a list of companies that report errors to me and I would like to track how many errors each company is experiancing. I would like to have a map visualization that could show each company as their own bubble. I would also like the bubbles to be color coded by their range of errors.
For example, any company that reports less than 100 errors would be green; between 100-300 yellow and 300+ red.
I have tried:
index=custstats
| stats sum(Errors) as CompanyError by CustNo
| geostats latfield=lat longfield=long sum(Errors)
but this returns no results. I'm not sure how to make this work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@kelseycasco try one of the following answers of mine and see whether it fits the need.
https://answers.splunk.com/answers/613088/how-to-redirect-to-two-urls-from-a-cluster-map.html
https://answers.splunk.com/answers/484003/geostats-unable-to-set-color-ranges-properly.html
https://answers.splunk.com/answers/112925/geostats-and-rangemap.html
https://answers.splunk.com/answers/658506/how-to-edit-the-map-marker-color-in-custom-cluster.html
Also your query should have been
index=custstats
| stats sum(Errors) as CompanyError by CustNo
| lookup ..................................... ---> To fetch Latitude and Longitude fields for Customer Number.
| geostats latfield=lat longfield=long sum(CompanyError)
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm new to Splunk, can you explain why I need lookup?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can't seem to fine the answer in those posts. I would like to set the colors based off of something like
if sum(errors)<100 cluster=green; if sum(errors)<300 cluster=yellow; if sum(errors)>300 cluster=red. The idea is that I can see the map of all my companies/customers and quickly see which ones are sending back the most errors or at least visualize their status.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another issue I'm running into is that it groups all of the companies with low amount of errors together into "Other"but I would like to see the value for every company
Enterprise Security Content Update (ESCU) | New Releases
Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest
We’ve Got Education Validation!
