Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Displaying on the map using longitude and latitude ?

puneetkharband1
Path Finder
‎01-15-2015 01:32 PM

Hi All,
I am very new to Splunk. My task is to display the location on the map using IP address.
I am able to succeed getting the Longitude and latitude. What I need next is to display it on the map or I can say point it to the map.

Please suggest how can I do this. Below is the search string I am using where I am getting the geobin, longitude and latitude

index="cc_web" sourcetype=* sourcetype= * | rex field=_raw "(?i)^(?P[^ ]+) "| search IP_address="*" | top limit=33 IP_address | iplocation IP_address| geostats first(item_number) as Item
0 Karma
Reply

puneetkharband1
Path Finder
‎01-15-2015 02:01 PM

Do I need to buy any third party extension to get the maps enabled as I tried the other widgets ..all are showing some data ..only map doesn't show any location ?

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-15-2015 03:11 PM

No you don't need to buy any third party extensions to get the maps enabled. It's your search string using the first function I think, that is disabling the data from being seen.

0 Karma
Reply

puneetkharband1
Path Finder
‎01-15-2015 01:48 PM

Thanks for your quick response .....but I tried that but I am not able to see the view points on the map ...it just stays blank on the map but below the map it shows the stats table with same values geobin longitude and latitude.

0 Karma
Reply

puneetkharband1
Path Finder
‎01-16-2015 10:45 AM

When I do count by city ..No result found
index="cc_web" sourcetype=* sourcetype= * | rex field=_raw "(?i)^(?P[^ ]+) "| search IP_address="*" | top limit=33 IP_address | iplocation IP_address | geostats count by city

When I do by Item I get the stats but nothing in Map
index="cc_web" sourcetype=* sourcetype= * | rex field=_raw "(?i)^(?P[^ ]+) "| search IP_address="*" | top limit=33 IP_address | iplocation IP_address | geostats first(item_number) as Item

0 Karma
Reply

puneetkharband1
Path Finder
‎01-16-2015 06:04 AM

If you see the search string I am pulling Ip addresses ...so If 10 IP's are coming from one location ...I wanna see that location with some display ...lets say 10% abc city.

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-16-2015 10:17 AM

I edited my answer.

0 Karma
Reply

puneetkharband1
Path Finder
‎01-15-2015 02:15 PM

first of all I do not have permissions to comment to someone's comments.

When I do | geostats count by Country I get the PIE CHART on my map....but I am looking for city.

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-15-2015 03:05 PM

Ah I see. So what should your output look like? A single dot per city, where do you want the item information?

Check out the map object options in XML.

0 Karma
Reply

puneetkharband1
Path Finder
‎01-15-2015 02:03 PM

sure I will do from now I was not allowed to comment on that earlier when I tried.

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-15-2015 02:00 PM

Try commenting on my answer (rather than answering again) to keep the flow of the conversation going (and keep answer conversations together

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-15-2015 01:38 PM

According to the comment:

If you see the search string I am pulling Ip addresses ...so If 10 IP's are coming from one location ...I wanna see that location with some display ...lets say 10% abc city.

The search:

index="cc_web" sourcetype=* sourcetype= * 
| rex field=_raw "(?i)^(?P[^ ]+) "
| search IP_address="*" 
| top limit=33 IP_address 
| iplocation IP_address
| geostats first(item_number) as Item

So it sounds like you want to change

| geostats first(item_number) as Item

to something like

| geostats count by City
Preview file
1 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...