Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I resolve this geostats error?

Shakeer_Spl
Explorer
‎02-22-2023 12:52 PM

Hi splunkers,

I would like to inform you that i am using below geostat spl, but i am unable to get result can anyone help me please where i am doing mistake i have chosen .csv file source type when i am trying to get spl result it says no data found

index="main" | geostats latfield=vendorlatitude longfield=vendorlongtitude count by vendorcountry

Shakeer_Spl_0-1677098484740.pngShakeer_Spl_1-1677098537948.png

Would be appreciate your kind support. thanks in advance

Labels (2)
0 Karma
Reply

Shakeer_Spl
Explorer
‎02-25-2023 01:38 PM

Thanks for your  valuable time and support

as per your instructions i did the same steps but still unable get the result please find the below attached screen shots moreover i changed file format as well UTF-8 and ANSI but still same please help me in this Regard would be appreciate your kind support

1) index=main
| lookup testlookup.csv splunk-testdata1 OUTPUT vendorcountry vendor latitude vendor longitude
| geostats latfield=vendorlatitude longfield=vendorlongitude count by vendorcountry

2)index=main
| lookup testlookup.csv splunk-testdata1 OUTPUT vendorcountry vendor latitude vendor longitude
| geostats latfield="vendorlatitude" longfield="vendorlongitude" count by "vendorcountry"

if i search  following query | inputsearch testlookup.csv getting results

Shakeer_Spl_1-1677360843914.png

 

 
 
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-25-2023 04:50 PM

Perhaps it's a typo, but vendor latitude is treated as two different fields - vendor and latitude. Try vendorlatitude (or whatever field is in your CSV file).

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-23-2023 10:39 AM

The geostats command will not reach into a random CSV file to resolve a field reference.  If the field is not in the index, then use the lookup command to map existing field(s) to those used in geostats.

 

index=main
| lookup mylookup.csv vendor OUTPUT vendorcountry vendorlatitude vendorlongtitude 
| geostats latfield=vendorlatitude longfield=vendorlongtitude count by vendorcountry

 

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...