- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Why do my location lookups consolidate to one ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why do my location lookups consolidate to one lat/long event on my heat map?
I have a dataset of events around a particular city which I wish to represent on a heat map. I have a lookup to each latitude and longitude, but when I try and produce a map it seems to combine all the events into 1 lat and long location.
How can I drill down further?
my search code looks like
index=edisyslogdata exEventType="Area Change" streetName!=NULL | lookup EdiStreetAssets StreetAsset as apId | table apId, streetName, lat, long | geostats latfield=lat longfield=long count BY apId
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your dataset of events are too near to each other . Try to use below. This app will be helpful:
https://splunkbase.splunk.com/app/3124/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I hope its because of restriction no of Clusters
By default It will be 100, change it to 10000 or 100000 & check it.
It's works for me,
In Source XML:
option name="mapping.data.maxClusters">100000/option>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ajobling1964 - did you get a chance to check with above option..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks - I have experimented with various combinations of cluster and binspanlat and binspanlong settings. The latest results in my clusters appear momentarily and then disappearing!
I guess what I'm really after is decent documentation and examples of code for heat maps (over a time period) and cluster maps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ajobling1964, you can use mapping.map.zoom and mapping.map.center to set initial location/zoom for the visualization on loading. You can use scroll to zoom in and zoom out(provided scroll zoom is enabled through Edit > Format option) or else through mapping.map.scrollZoom
Chech out Splunk documentation for Map Simple XML configuration reference: http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ajobling1964, are you using built in map or some other custom visualization app which plot map?
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's the open street map which is one of the preset configurations on the Tiles tab.
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
