Dashboards & Visualizations

Maps, geostats and geom commands- What is wrong with my search?

hmohta
Path Finder

hello everyone

Now I have been getting cluster Maps and Choropleth Maps generated , but a few issues with them.

q1.when I add the same command from search app to the panel in the dash I loose all the state/regions names too!! works with the zoom function, is that ok?


2.  query: why do I have multiple tiles of the same regions running through how can I just create the view where I can see regions only where events have occurred? Screenshot attachedCloropeth Map_2.png

I know the legend doesn't match the map as values show 0, but they change and seem to be ok after 10/15 mins, I dont know why!!

I am trying to search for failed/successful applications logins by region/city/or country.

my query:

 

index=a sourcetype=ab

| iplocation ip
| search status=failure AND connectionname=" ABwebsite"
| stats count by Country| geom geo_countries allFeatures=True featureIdField=Country

 

if I don't add ip, no values populate on the map, there's just color.

 

Thankyou for looking into the query.

 

Labels (2)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...