Solved: Geostat value from field instead of count of event...

skybert · ‎11-27-2020

I'm not able to visulize a list of values as I would.

My input is a lookup with values of kindergardens, the location (longitude, latitude), and the number of available places, like

Kindergarden	Latitude	Longitude	AvailPlaces
Misty Gardens	15.5534	10.5432	12
Dragon's den	15.6342	10.6533	4
Mighty Duck	15.1342	10.5423	0

I would like to show a map of the kindergardens with the available places as a value.

In theory, I think this should be possible using geostats, but I can't get it to work. It almost seems like I need to split the list entries e.g. so that Dragon's den has 4 events - to use "geostat count by Kindergarden".

Is there another way of achieving this? 🙂

to4kawa · ‎11-27-2020

index=_internal | head 1 | fields _raw | eval _raw="Kindergarden	Latitude	Longitude	AvailPlaces
Misty Gardens	15.5534	10.5432	12
Dragon's den	15.6342	10.6533	4
Mighty Duck	15.1342	10.5423	0"
| multikv
| geostats latfield=Latitude longfield=Longitude   values(AvailPlaces) by  Kindergarden

View solution in original post

to4kawa · ‎11-27-2020

index=_internal | head 1 | fields _raw | eval _raw="Kindergarden	Latitude	Longitude	AvailPlaces
Misty Gardens	15.5534	10.5432	12
Dragon's den	15.6342	10.6533	4
Mighty Duck	15.1342	10.5423	0"
| multikv
| geostats latfield=Latitude longfield=Longitude   values(AvailPlaces) by  Kindergarden

Geostat value from field instead of count of events

other

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud