Geostats by phone number

indeed_2000 · ‎10-11-2021

Hi

I have field in my log that call “MobileNumber” that need to show count of MobileNumber by location on map.

e.g: 00121234567

Area code:0012

Number:1234567

if area code belong to Berlin 0151, 0157 or 0173. show total count of area code that belong Berlin on map.

if area code belong to Wolfsburg 0361 show total count of area code that belong Wolfsburg on map

FYI: Latitude, Longitude not exist in log file.

Any idea?

Thanks

Azeemering · ‎10-11-2021

This is not the full solution, but you could eval the longitude and latitude for each result.
Or use a lookup with all cities lon and lats.

Basic example

| makeresults
| eval City = "Berlin" |eval lat="52.520008" | eval lon="13.404954"
| geostats latfield=lat longfield=lon count

indeed_2000 · ‎10-11-2021

And how bind it to area code?

Azeemering · ‎10-11-2021

I'd say create a lookup with area codes and their respective longitudes and latitudes.
Splunk can do magic, but you need to feed it some ingredients to do magic with.

I found this as a possible source:

https://gist.github.com/iteufel/af379872bbc3bf5261e2fd09b681ff7e

indeed_2000 · ‎10-11-2021

thank you for answer, but it's not only germany.

about lookup would please tell me example?

Azeemering · ‎10-11-2021

https://docs.splunk.com/Documentation/Splunk/8.2.2/Knowledge/Aboutlookupsandfieldactions

indeed_2000 · ‎10-11-2021

thank you, i work with lookup, and example map dasboard.

the main goal is how can i provide relation between these items.

Geostats by phone number

chart

eval

rex

stats

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases