to4kawa

Becherer · ‎01-15-2020

When I perform a search, the "events tab" count match actual data. Once I add "| geostats latfield=Latitude longfield=Longitude " to the search box, to be able to display on map, the results in the "statistics tab" go up in count by 11 and is not giving actual results. How can I have the geomap command look at the events and not "statistics tab"?

Why does the statistics results add 11 results compared to the events tab?

Thanks

to4kawa · ‎01-15-2020

geostats

The reason is that the number of fields being aggregated is different from the number of events. (e.g. no field)

by the way, what's stats-agg-term? and is your search mode Verbose?

Becherer · ‎01-16-2020

to4kawa

Is there a way for me to only aggregate the exact number of events?

to4kawa · ‎01-16-2020

simply,
geostats count latfield=Latitude longfield=Longitude

p.s. if you want to mention others, use @username not >

Event and Statistics not the same- Geostats

to4kawa

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Are you a member of the Splunk Community?

Event and Statistics not the same- Geostats

to4kawa

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions