Splunk Search

Geostats display values on map?

Builder

I've started exploring geostats in Splunk 6. Is it possible to display labels/values on a map instead of a pie chart? I would like to use this on a live dashboard so seeing the values would be helpful.

Tags (3)
1 Solution

Builder

Seems that better decision for this now is old good Google Maps app http://apps.splunk.com/app/368/#versionBox
alt text

Also what dissapointed me with new inbuilt maps that latitude and longitude are not defined from ipaddress field and that visualization is supported just in simple xml (or it's not covered in docs).

View solution in original post

Contributor

Here is way to add labels to your markes in map, for example You can eliminate longitiude and latitude thing which is displayed in the markes and hard code other stuff like percentage or count... all you have to do is upload it in a .CSS file and save it in the app.

Below i have removed lat n long fields and added percentage field which will be displayed in map

div.leaflet-popup-content tr:first-child {
display: none;
}
div.leaflet-popup-content tr:nth-child(2) {
display: none;
}
div.leaflet-popup-content tr:nth-child(3):after {
content: "%";

Explorer

Hi Venkat_16,
I'm trying to use your code to hide lat/long values and display some other values which are part of geostats.
hiding lat/long works well. but didnt understand correctly how to add a value. Do we need to provide the field value with content: " "

0 Karma

Splunk Employee
Splunk Employee

There is no attribute in the Splunk 6.0 simple xml to apply labels to your map markers; hoping for this enhancement in a future release.

Explorer

I would love to see this. Do we know if Splunk is working on an enhancement for the maps element?

0 Karma

Motivator

I'm also interested in this. I hope it'll be considered.

0 Karma

Builder

Thanks. Here's hoping.

0 Karma

Builder

Seems that better decision for this now is old good Google Maps app http://apps.splunk.com/app/368/#versionBox
alt text

Also what dissapointed me with new inbuilt maps that latitude and longitude are not defined from ipaddress field and that visualization is supported just in simple xml (or it's not covered in docs).

View solution in original post

Builder

Thanks. I'll look into the Google Maps app. I also agree that it is disappointing that built-in map is only supported in simple xml.

0 Karma

Builder

@ChrisG guys you are great! I really love Splunk and its documentation!:)

0 Karma

Splunk Employee
Splunk Employee

Docs are updated, thanks!

Splunk Employee
Splunk Employee

thanks for catching the error in the documentation.
We will rectify this asap.

Builder

thanks! I was misled with description of iplocation command in documentation where were no mention of latitude or longitude:

"The IP address field, specified in ip-address-fieldname, is looked up in a database and location fields information is added to the event. The fields are country, city, metroCode, areaCode, region, postalCode."

Splunk Employee
Splunk Employee

here are a few lines of example xml to create a
map dashboard and to get latitude, longitude for ipaddress.
(assuming you have events of sourcetype, access_combined_wcookie)





sourcetype = access_combined_wcookie | iplocation clientip | geostats count by clientip