Why do my location lookups consolidate to one lat/long event on my heat map?

New Member

I have a dataset of events around a particular city which I wish to represent on a heat map. I have a lookup to each latitude and longitude, but when I try and produce a map it seems to combine all the events into 1 lat and long location.
How can I drill down further?

My search code looks like:

index=edisyslogdata exEventType="Area Change" streetName!=NULL | lookup EdiStreetAssets StreetAsset as apId | table apId, streetName, lat, long | geostats latfield=lat longfield=long count BY apId

Contributor

The events in your dataset are too near to each other. Try using the app below. This app will be helpful:
https://splunkbase.splunk.com/app/3124/


Path Finder

I hope it's because of the restriction on the number of clusters.
By default it will be 100; change it to 10000 or 100000 and check it.

It works for me.

In Source XML:

<option name="mapping.data.maxClusters">100000</option>

Path Finder

@ajobling1964 - did you get a chance to check with the above option?


New Member

Thanks - I have experimented with various combinations of cluster and binspanlat and binspanlong settings. The latest results in my clusters appearing momentarily and then disappearing!
I guess what I'm really after is decent documentation and examples of code for heat maps (over a time period) and cluster maps.


Legend

@ajobling1964, you can use mapping.map.zoom and mapping.map.center to set the initial location/zoom for the visualization on loading. You can use scroll to zoom in and zoom out (provided scroll zoom is enabled through the Edit > Format option, or else through mapping.map.scrollZoom).

Check out the Splunk documentation for the Map Simple XML configuration reference: http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
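
A map panel that puts the options named in the replies above in one place, as an added example that is not from the original thread or from Splunk's documentation. It wraps the poster's search in Simple XML; the label, time range, center coordinates and zoom level are constructed placeholders to replace with your own.

```xml
<dashboard>
  <label>Street asset events (added example)</label>
  <row>
    <panel>
      <map>
        <search>
          <!-- The poster's search, unchanged apart from dropping the
               intermediate table command, which geostats does not need. -->
          <query>index=edisyslogdata exEventType="Area Change" streetName!=NULL
| lookup EdiStreetAssets StreetAsset as apId
| geostats latfield=lat longfield=long count BY apId</query>
          <!-- Constructed placeholder time range -->
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <!-- Built-in cluster (marker) map -->
        <option name="mapping.type">marker</option>
        <!-- Raise the cluster cap from the default of 100 mentioned above -->
        <option name="mapping.data.maxClusters">100000</option>
        <!-- Initial view as (lat,lon); constructed placeholder, set it to
             the city the events come from -->
        <option name="mapping.map.center">(51.50,-0.12)</option>
        <!-- Start zoomed in to city level; constructed placeholder -->
        <option name="mapping.map.zoom">12</option>
        <!-- Allow mouse-wheel zoom so clusters split as you zoom in -->
        <option name="mapping.map.scrollZoom">1</option>
      </map>
    </panel>
  </row>
</dashboard>
```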

Legend

@ajobling1964, are you using the built-in map or some other custom visualization app which plots the map?


New Member

It's the open street map which is one of the preset configurations on the Tiles tab.
