Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

country code to Choropleth ?

posinga
New Member
‎03-24-2017 03:11 AM

I'm trying to get country codes in to the Choropleth map, but i'm a bit stuck.
I'm using the following search

index="someindex*" what=tagged | lookup geo_countries longitude as Longitude, latitude as Latitude | top limit=20 country_code  | rename country_code to country  | geom geo_countries featureIdField="country"

The output is as follows
alt text

How can I get the colors / numbers on the map with this set of data ?

*Update *
With the following query i'm able to get the stats in the map. Though since you cannot change the bin scale only the US is colored, while the rest of the world maps stays white.

index="someindex*" what=tagged | stats count by country_code |  rename country_code AS iso2 |lookup geo_attr_countries iso2 OUTPUT country |  fields+ count, country, geom | geom geo_countries featureIdField="country"

alt text

regards,
Pascal

Preview file
80 KB
Preview file
121 KB
0 Karma
Reply

DalJeanis
Legend
‎03-24-2017 02:06 PM

Okay, you are trying to use 2-digit country_code but feeding them in as country, which is a different field...

Try this - 

 index="someindex*" what=tagged 
| lookup geo_countries longitude as Longitude, latitude as Latitude OUTPUT country
| top limit=20 country 
| geom geo_countries featureIdField="country"

Reference-
https://answers.splunk.com/answers/378193/is-it-possible-to-use-a-countrycode-us-for-the-geo.html

0 Karma
Reply

posinga
New Member
‎03-25-2017 01:32 AM

Error in 'lookup' command: Could not find all of the specified destination fields in the lookup table.
The search job has failed due to an error. You may be able view the job in the Job Inspector.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...