Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I modify my search so that results appear on a map?

alanbudd
Explorer
‎09-20-2016 09:55 AM

Good day

I am a new user on Splunk Enterprise and am trying to generate a map from search data.
The guy that developed the original search that I am using is no longer working here and unavailable to ask.

When I run the following search

index=radware host=x.x.x.x action="drop" NOT src="y.y.y.y" NOT src="0.0.0.0" |fields src | stats count as _geo_count by src | geoip src | search _geo=*

I do get a result set with seemingly valid results
alt text

However when I go to the visualization tab I just get a blank map
alt text

Going through older reports (stored outside of Splunk as pdfs) the above search returns valid maps.

The fact that I am getting valid results and a blank map indicates to me that the search is not the issue but could be a formatting issue.

Some advice on where to look next would be appreciated.

Thanks

Preview file
94 KB
Preview file
154 KB
0 Karma
Reply

sundareshr
Legend
‎09-20-2016 10:11 AM

Try this

 index=radware host=x.x.x.x action="drop" NOT src="y.y.y.y" NOT src="0.0.0.0" |fields src | stats count as _geo_count by src | geoip src | search _geo=* |  geostats latfield=src_latitude longfield=src_longitude count
Reply

alanbudd
Explorer
‎09-20-2016 10:24 AM

Thanks that put the bubbles on the map.

This is an image of what the original maps looked like (didn't have enough points to post it on the original question)
I don't find any formating options on the visulation tab that seem to apply. How do I make my map look similar to the orginal?

Thanks again

alt text

Preview file
186 KB
0 Karma
Reply

sundareshr
Legend
‎09-20-2016 10:58 AM

Where did you see this?

0 Karma
Reply

alanbudd
Explorer
‎09-20-2016 11:21 AM

Going through older reports (stored outside of Splunk as pdfs) the documentation available indicates that the person I took over from used the above search and created these maps directly within Splunk. However, I can't find any info on how they are formated.

0 Karma
Reply

sundareshr
Legend
‎09-20-2016 11:38 AM

There must be an app installed in your instance which was used in a dashboard.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...