Dashboards & Visualizations
Highlighted

Help with creating a geostats map with specific bubble color

New Member

I have a list of companies that report errors to me and I would like to track how many errors each company is experiancing. I would like to have a map visualization that could show each company as their own bubble. I would also like the bubbles to be color coded by their range of errors.

For example, any company that reports less than 100 errors would be green; between 100-300 yellow and 300+ red.

I have tried:

index=custstats
| stats sum(Errors) as CompanyError by CustNo
| geostats latfield=lat longfield=long sum(Errors) 

but this returns no results. I'm not sure how to make this work.

0 Karma
Highlighted

Re: Help with creating a geostats map with specific bubble color

New Member

Another issue I'm running into is that it groups all of the companies with low amount of errors together into "Other"but I would like to see the value for every company

0 Karma
Highlighted

Re: Help with creating a geostats map with specific bubble color

Legend

@kelseycasco try one of the following answers of mine and see whether it fits the need.

https://answers.splunk.com/answers/613088/how-to-redirect-to-two-urls-from-a-cluster-map.html
https://answers.splunk.com/answers/484003/geostats-unable-to-set-color-ranges-properly.html
https://answers.splunk.com/answers/112925/geostats-and-rangemap.html
https://answers.splunk.com/answers/658506/how-to-edit-the-map-marker-color-in-custom-cluster.html
Also your query should have been

index=custstats
| stats sum(Errors) as CompanyError by CustNo
| lookup ..................................... ---> To fetch Latitude and Longitude fields for Customer Number.
| geostats latfield=lat longfield=long sum(CompanyError) 



| eval message="Happy Splunking!!!"


0 Karma
Highlighted

Re: Help with creating a geostats map with specific bubble color

New Member

I'm new to Splunk, can you explain why I need lookup?

0 Karma
Highlighted

Re: Help with creating a geostats map with specific bubble color

New Member

I can't seem to fine the answer in those posts. I would like to set the colors based off of something like
if sum(errors)<100 cluster=green; if sum(errors)<300 cluster=yellow; if sum(errors)>300 cluster=red. The idea is that I can see the map of all my companies/customers and quickly see which ones are sending back the most errors or at least visualize their status.

0 Karma