
Displaying on the map using longitude and latitude ?

Hi All,
I am very new to Splunk. My task is to display the location on the map using the IP address.
I have succeeded in getting the longitude and latitude. What I need next is to display it on the map, or I can say, point to it on the map.

Please suggest how I can do this. Below is the search string I am using, where I am getting the geobin, longitude and latitude:

index="cc_web" sourcetype=* sourcetype= * | rex field=_raw "(?i)^(?P<IP_address>[^ ]+) " | search IP_address="*" | top limit=33 IP_address | iplocation IP_address | geostats first(item_number) as Item
0 Karma

Re: Displaying on the map using longitude and latitude ?

Splunk Employee

According to the comment:

If you see the search string I am pulling Ip addresses ...so If 10 IP's are coming from one location ...I wanna see that location with some display ...lets say 10% abc city.

The search:

index="cc_web" sourcetype=* sourcetype= * 
| rex field=_raw "(?i)^(?P<IP_address>[^ ]+) "
| search IP_address="*" 
| top limit=33 IP_address 
| iplocation IP_address
| geostats first(item_number) as Item

So it sounds like you want to change

| geostats first(item_number) as Item

to something like

| geostats count by City
0 Karma
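
One way to write the per-city map search the answer above points to, as an added example that is not part of the original thread: it counts events per IP with stats so the count remains a field that geostats can sum, and it uses the capitalized, case-sensitive field names that iplocation emits (City, lat, lon). The index name and the assumption that the client IP is the first space-delimited token of each event are taken from the question's search.

```spl
index="cc_web"
| rex field=_raw "^(?P<IP_address>[^ ]+) "
| stats count by IP_address
| iplocation IP_address
| where isnotnull(lat) AND isnotnull(lon)
| geostats latfield=lat longfield=lon globallimit=0 sum(count) by City
```

Addresses that iplocation cannot resolve (private ranges, for example) have no lat/lon and are filtered out before geostats. The panel has to use the Cluster Map visualization to draw the resulting geobins.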

Re: Displaying on the map using longitude and latitude ?

Thanks for your quick response .....but I tried that but I am not able to see the view points on the map ...it just stays blank on the map but below the map it shows the stats table with same values geobin longitude and latitude.

0 Karma

Re: Displaying on the map using longitude and latitude ?

Splunk Employee

Try commenting on my answer (rather than answering again) to keep the flow of the conversation going (and keep answer conversations together).

0 Karma

Re: Displaying on the map using longitude and latitude ?

Sure, I will do that from now on. I was not allowed to comment on that earlier when I tried.

0 Karma

Re: Displaying on the map using longitude and latitude ?

First of all, I do not have permission to comment on someone's comments.

When I do | geostats count by Country I get the PIE CHART on my map....but I am looking for city.

0 Karma

Re: Displaying on the map using longitude and latitude ?

Splunk Employee

Ah I see. So what should your output look like? A single dot per city, where do you want the item information?

Check out the map object options in XML.

0 Karma

Re: Displaying on the map using longitude and latitude ?

If you see the search string I am pulling Ip addresses ...so If 10 IP's are coming from one location ...I wanna see that location with some display ...lets say 10% abc city.

0 Karma

Re: Displaying on the map using longitude and latitude ?

Splunk Employee

I edited my answer.

0 Karma

Re: Displaying on the map using longitude and latitude ?

When I do count by city ..No result found
index="cc_web" sourcetype=* sourcetype= * | rex field=_raw "(?i)^(?P<IP_address>[^ ]+) " | search IP_address="*" | top limit=33 IP_address | iplocation IP_address | geostats count by city

When I do by Item I get the stats but nothing in Map
index="cc_web" sourcetype=* sourcetype= * | rex field=_raw "(?i)^(?P<IP_address>[^ ]+) " | search IP_address="*" | top limit=33 IP_address | iplocation IP_address | geostats first(item_number) as Item

0 Karma