Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Geostat value from field instead of count of events

skybert
Engager
‎11-27-2020 03:27 PM

I'm not able to visulize a list of values as I would.

My input is a lookup with values of kindergardens, the location (longitude, latitude), and the number of available places, like

KindergardenLatitudeLongitudeAvailPlaces
Misty Gardens15.553410.543212
Dragon's den15.634210.65334
Mighty Duck15.134210.54230

 

I would like to show a map of the kindergardens with the available places as a value.

In theory, I think this should be possible using geostats, but I can't get it to work. It almost seems like I need to split the list entries e.g. so that Dragon's den has 4 events - to use "geostat count by Kindergarden".

Is there another way of achieving this? 🙂

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎11-27-2020 04:40 PM 
index=_internal | head 1 | fields _raw | eval _raw="Kindergarden	Latitude	Longitude	AvailPlaces
Misty Gardens	15.5534	10.5432	12
Dragon's den	15.6342	10.6533	4
Mighty Duck	15.1342	10.5423	0"
| multikv
| geostats latfield=Latitude longfield=Longitude   values(AvailPlaces) by  Kindergarden

ClusterMap.png

View solution in original post

Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎11-27-2020 04:40 PM 
index=_internal | head 1 | fields _raw | eval _raw="Kindergarden	Latitude	Longitude	AvailPlaces
Misty Gardens	15.5534	10.5432	12
Dragon's den	15.6342	10.6533	4
Mighty Duck	15.1342	10.5423	0"
| multikv
| geostats latfield=Latitude longfield=Longitude   values(AvailPlaces) by  Kindergarden

ClusterMap.png

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...