I have a dataset of events around a particular city which I wish to represent on a heat map. I have a lookup to each latitude and longitude, but when I try and produce a map it seems to combine all the events into 1 lat and long location.
How can I drill down further?
my search code looks like
index=edisyslogdata exEventType="Area Change" streetName!=NULL | lookup EdiStreetAssets StreetAsset as apId | table apId, streetName, lat, long | geostats latfield=lat longfield=long count BY apId
I hope its because of restriction no of Clusters
By default It will be 100, change it to 10000 or 100000 & check it.
It's works for me,
In Source XML:
thanks - I have experimented with various combinations of cluster and binspanlat and binspanlong settings. The latest results in my clusters appear momentarily and then disappearing!
I guess what I'm really after is decent documentation and examples of code for heat maps (over a time period) and cluster maps.
@ajobling1964, you can use
mapping.map.center to set initial location/zoom for the visualization on loading. You can use scroll to zoom in and zoom out(provided scroll zoom is enabled through Edit > Format option) or else through
Chech out Splunk documentation for Map Simple XML configuration reference: http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map
@ajobling1964, are you using built in map or some other custom visualization app which plot map?