Splunk Search

Geostats display values on map?

sc0tt
Builder

I've started exploring geostats in Splunk 6. Is it possible to display labels/values on a map instead of a pie chart? I would like to use this on a live dashboard so seeing the values would be helpful.

Tags (3)
1 Solution

iKate
Builder

Seems that better decision for this now is old good Google Maps app http://apps.splunk.com/app/368/#versionBox
alt text

Also what dissapointed me with new inbuilt maps that latitude and longitude are not defined from ipaddress field and that visualization is supported just in simple xml (or it's not covered in docs).

View solution in original post

Venkat_16
Contributor

Here is way to add labels to your markes in map, for example You can eliminate longitiude and latitude thing which is displayed in the markes and hard code other stuff like percentage or count... all you have to do is upload it in a .CSS file and save it in the app.

Below i have removed lat n long fields and added percentage field which will be displayed in map

div.leaflet-popup-content tr:first-child {
display: none;
}
div.leaflet-popup-content tr:nth-child(2) {
display: none;
}
div.leaflet-popup-content tr:nth-child(3):after {
content: "%";

meenuvn
Explorer

Hi Venkat_16,
I'm trying to use your code to hide lat/long values and display some other values which are part of geostats.
hiding lat/long works well. but didnt understand correctly how to add a value. Do we need to provide the field value with content: " "

0 Karma

ChrisG
Splunk Employee
Splunk Employee

There is no attribute in the Splunk 6.0 simple xml to apply labels to your map markers; hoping for this enhancement in a future release.

adewinter
Explorer

I would love to see this. Do we know if Splunk is working on an enhancement for the maps element?

0 Karma

mikaelbje
Motivator

I'm also interested in this. I hope it'll be considered.

0 Karma

sc0tt
Builder

Thanks. Here's hoping.

0 Karma

iKate
Builder

Seems that better decision for this now is old good Google Maps app http://apps.splunk.com/app/368/#versionBox
alt text

Also what dissapointed me with new inbuilt maps that latitude and longitude are not defined from ipaddress field and that visualization is supported just in simple xml (or it's not covered in docs).

sc0tt
Builder

Thanks. I'll look into the Google Maps app. I also agree that it is disappointing that built-in map is only supported in simple xml.

0 Karma

iKate
Builder

@ChrisG guys you are great! I really love Splunk and its documentation!:)

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Docs are updated, thanks!

arahut_splunk
Splunk Employee
Splunk Employee

thanks for catching the error in the documentation.
We will rectify this asap.

iKate
Builder

thanks! I was misled with description of iplocation command in documentation where were no mention of latitude or longitude:

"The IP address field, specified in ip-address-fieldname, is looked up in a database and location fields information is added to the event. The fields are country, city, metroCode, areaCode, region, postalCode."

arahut_splunk
Splunk Employee
Splunk Employee

here are a few lines of example xml to create a
map dashboard and to get latitude, longitude for ipaddress.
(assuming you have events of sourcetype, access_combined_wcookie)





sourcetype = access_combined_wcookie | iplocation clientip | geostats count by clientip



Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...