Splunk Search

Generate a choropleth map based on the states using geo_us_states

rohit_kothuru
New Member

I am trying to generate a Choropleth map to show the density of requests for each state in the US.

I am using the below query :

rex field=_raw ".*State -(?.*) for.*" | search searchState != null |stats count by searchState |geom geo_us_states featureIdField=searchState

searchState count featureCollection geom
California 2 geo_us_states

Connecticut 2 geo_us_states

The above is the output I am getting and not getting any results on the map visualization.
I don't see any issue in the job log as well. Can someone help me out in this.

(EDIT - I changed the code to be in "code" tags to make Answers not eat characters - Rich)

Tags (1)
0 Karma

Richfez
SplunkTrust
SplunkTrust

Interesting - where the field geom is specified, you should have a bunch of stuff, like ...

 {"type":"multipolygon", "coordinates": [[[[lots of numbers here ... LOTS of numbers here... 🙂 ... }

Can you try this run-anywhere search?

| makeresults | eval state="California" | stats count by state | geom geo_us_states featureIdField=state

When it runs, in your statistics tab you should have output like I describe above for California. In the visualizations tab you should see a US or world map, with California in light pink.

Let us know what you find!

0 Karma

rohit_kothuru
New Member

@rich7177

I ran the run-anywhere search and I am able to see California in light pink.

0 Karma

rohit_kothuru
New Member

@rich7177

It was a mistake from my side. The state was having spaces and because of this was not getting mapped.

If I run the query ( with geom geo_us_states ) I am getting the world map but I want only the map of US. Is there any way to achieve this?

0 Karma

Richfez
SplunkTrust
SplunkTrust

In the settings for the map, there's a way to set the default zoom level. If you get it zoomed in how you want, then set that, it should remember your settings.

0 Karma

rohit_kothuru
New Member

Correct query:

rex field=_raw ".State -(?.) for.*" | search searchState != null |stats count by searchState |geom geo_us_states featureIdField=searchState

0 Karma

Richfez
SplunkTrust
SplunkTrust

Oh and I see you did that too. Well, no harm done. 🙂

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...