just found out that there is no map visualization available if you use Pivot.
You can add attributes to get the geo location data from an IP address but you can't visualize it, currently.
Only workaround I see is the '| datamodel' command:
| datamodel MyModel WebSales search | geostats latfield=WebSales.clientip_lat longfield=WebSales.clientip_long sum(WebSales.price) by WebSales.product_id
This is a lot of typing... 😞
Any other idea?
here is a good tutorial for some other way to get a map using data model:
tstats would be another command that could be used
hope that helps ...
The first one is JS magic. Looks cool but not exactly my point.
And no map mantioned there?????
I was talking about the Splunk Pivot function which relies on a data model.
TStats... that's another option, indeed. Pipe this output to geostats.
But it's only working if you have accelerated the data model.
Would look like this:
| tstats .... | iplocation ip_field ... | geostats ...
Turn it into a map.
Good idea. Still manual work 🙂
uppsss too many open tabs, so I pasted the wrong URL! Updated the answer to point to the correct URL. And yes, from the pivot editor you're not able to create a map directly 😞
Sorry, missed the edited link completely...
Cool stuff and tips... worth trying!