Splunk Search

Geostats display values on map?

sc0tt
Builder

I've started exploring geostats in Splunk 6. Is it possible to display labels/values on a map instead of a pie chart? I would like to use this on a live dashboard so seeing the values would be helpful.

Tags (3)
1 Solution

iKate
Builder

Seems that better decision for this now is old good Google Maps app http://apps.splunk.com/app/368/#versionBox
alt text

Also what dissapointed me with new inbuilt maps that latitude and longitude are not defined from ipaddress field and that visualization is supported just in simple xml (or it's not covered in docs).

View solution in original post

Venkat_16
Contributor

Here is way to add labels to your markes in map, for example You can eliminate longitiude and latitude thing which is displayed in the markes and hard code other stuff like percentage or count... all you have to do is upload it in a .CSS file and save it in the app.

Below i have removed lat n long fields and added percentage field which will be displayed in map

div.leaflet-popup-content tr:first-child {
display: none;
}
div.leaflet-popup-content tr:nth-child(2) {
display: none;
}
div.leaflet-popup-content tr:nth-child(3):after {
content: "%";

meenuvn
Explorer

Hi Venkat_16,
I'm trying to use your code to hide lat/long values and display some other values which are part of geostats.
hiding lat/long works well. but didnt understand correctly how to add a value. Do we need to provide the field value with content: " "

0 Karma

ChrisG
Splunk Employee
Splunk Employee

There is no attribute in the Splunk 6.0 simple xml to apply labels to your map markers; hoping for this enhancement in a future release.

adewinter
Explorer

I would love to see this. Do we know if Splunk is working on an enhancement for the maps element?

0 Karma

mikaelbje
Motivator

I'm also interested in this. I hope it'll be considered.

0 Karma

sc0tt
Builder

Thanks. Here's hoping.

0 Karma

iKate
Builder

Seems that better decision for this now is old good Google Maps app http://apps.splunk.com/app/368/#versionBox
alt text

Also what dissapointed me with new inbuilt maps that latitude and longitude are not defined from ipaddress field and that visualization is supported just in simple xml (or it's not covered in docs).

sc0tt
Builder

Thanks. I'll look into the Google Maps app. I also agree that it is disappointing that built-in map is only supported in simple xml.

0 Karma

iKate
Builder

@ChrisG guys you are great! I really love Splunk and its documentation!:)

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Docs are updated, thanks!

arahut_splunk
Splunk Employee
Splunk Employee

thanks for catching the error in the documentation.
We will rectify this asap.

iKate
Builder

thanks! I was misled with description of iplocation command in documentation where were no mention of latitude or longitude:

"The IP address field, specified in ip-address-fieldname, is looked up in a database and location fields information is added to the event. The fields are country, city, metroCode, areaCode, region, postalCode."

arahut_splunk
Splunk Employee
Splunk Employee

here are a few lines of example xml to create a
map dashboard and to get latitude, longitude for ipaddress.
(assuming you have events of sourcetype, access_combined_wcookie)





sourcetype = access_combined_wcookie | iplocation clientip | geostats count by clientip



Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...