How do I display shops performance data with Google Maps?

New Member

Hi all,

I am new to the Splunk world. Currently, I want to display the performance of shops with Google Maps, and I am not sure how to finish this.

I have all the performance events from the Splunk server, and an event looks like the one below. I also uploaded a lookup table with all the information about the shops. Now I want to show the mount_name in red if there is no data reported for the latest 24 hours, and the normal ones in green. Since every event is sent by a mount, and each event also includes shop_name, I want to use the lookup table to indicate the shop location. May I know if it is possible? If yes, how can I achieve this goal?

Thanks in advance.


Jun 16 2015 09:00:00 app_id="84acfc1640a14da8a9c3b2a898940ac9" app_name="KungFu_Lifebuoy" app_version="26.0.0" attract_duration="5" attract_exit_by_menu_button="0" campaign_end="2037-03-31" campaign_id="2e7c105a0b5e47aca1142b0eaeba411e" campaign_name="Guardian_all_Lifebuoy" campaign_start="2015-02-01" display_count="18" display_duration="625" game_lost="0" game_win="1" geoloc_city="Singapore" geoloc_country="Singapore" interaction_count="2" loading_duration="137" mount_description="MountLocation-Dental Care  /S1" mount_id="05df45400f8c11e5870e0647ae8d6515" mount_name="Guardian 1KM 1" mount_tags="MountLocation-Dental, Singapore, Release_Batch_4" phone_input_count="0" phone_input_duration="0" play_count="2" play_duration="35" record_duration="3600" reward_exit_by_menu_button="1" reward_exit_by_sms_send="0" reward_idle_duration="14" reward_interaction_count="1" reward_interaction_duration="9" router_count="0" score_duration="6" shop_description="Add: 11 Tanjong Katong Road B1-19_20 S437157" shop_id="f7aa03e5d88811e4a4510a3fe87d2201" shop_name="Guardian 1KM (1KM)" shop_tags="Guardian-1KM, xwalk-library, AreaLocation-Commercial-Area, OutletLocation-Shopping-Mall, MassRebootTarget, Guardian, ZoneLocation-East, LIVE" skipped_score_count="1" started_by_menu="1" sum_game_progression="192" timezone_id="Asia/Singapore" timezone_offset="28800000" tutorial_duration="9"

Search for no data reporting:

interaction_count="*" | stats latest(_time) AS lastReportTime BY mount_name | eval silenceSeconds = now() - lastReportTime | eval silenceHour = silenceSeconds/3600 | where silenceHour > 24 | table mount_name, silenceHour | eval silenceHour = round(silenceHour,1) | sort -silenceHour

Lookup table:

shop_name                             No. of Tablets   latitude   longitude
Guardian 1KM (1KM)                    1                1.31523    103.894722
Guardian Amara Hotel Tower (AMH)      2                1.275149   103.84357
Guardian Ang Mo Kio Blk 449 (A449)    1                1.368107   103.856057
Guardian Ang Mo Kio Blk 531 (A531)    1                1.373705   103.85437
0 Karma

Splunk Employee

The new Splunk 6.3 introduced Choropleth Maps as a new visualization type, and Geospatial Lookups as a new lookup type.
You can create your own geospatial lookup (e.g. based on the shops or buildings) by uploading a KMZ that contains the specific boundaries.

If OpenStreetMap contains too much noise on high zoom levels, you can provide an alternative tile set to be used in the background of the map. This external page provides an extensive list of alternative tile providers.

Find more information on Choropleth Maps and Geospatial Indexes in the Splunk Docs for 6.3.

0 Karma


New Member

Thanks for your reply, Fdi01. Currently my search command is below:

interaction_count | stats sum(interaction_count) as interactions by shop_name | lookup singapore.csv shop_name OUTPUT latitude AS lat longitude AS lon | search lat="*" lon="*" | geostats maxzoomlevel=11 globallimit=0 sum(interactions) by shop_name

It can show OpenStreetMap, but the colour is quite hard to identify. Could you please let me know how to set the display colour of the map?

Thanks again.

0 Karma

New Member

Could anyone help me on this question?

0 Karma
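
An added example, not written by any poster in this thread or by Splunk: a Simple XML map panel that combines the silence search from the question with the `singapore.csv` lookup and `geostats` search posted later, so each shop marker shows silent mounts in red and reporting mounts in green. The `status` field, the 7-day window and the dashboard label are assumptions, and `mapping.fieldColors` is assumed to be supported by the Splunk version in use.

```xml
<dashboard>
  <label>Mount reporting status</label>
  <row>
    <panel>
      <map>
        <search>
          <!-- Constructed example: merges the thread's two searches. One row
               per mount, tagged "silent" (no event for over 24 h) or
               "reporting"; "status" is a hypothetical field name. -->
          <query><![CDATA[
interaction_count="*"
| stats latest(_time) AS lastReportTime BY shop_name, mount_name
| eval silenceHour = round((now() - lastReportTime) / 3600, 1)
| eval status = if(silenceHour > 24, "silent", "reporting")
| lookup singapore.csv shop_name OUTPUT latitude AS lat longitude AS lon
| search lat="*" lon="*"
| geostats maxzoomlevel=11 globallimit=0 count BY status
          ]]></query>
          <!-- Assumed window: a mount silent for longer than this has no
               events in range and drops off the map, so keep it wide. -->
          <earliest>-7d</earliest>
          <latest>now</latest>
        </search>
        <option name="mapping.type">marker</option>
        <!-- One fixed colour per geostats series (the status values above). -->
        <option name="mapping.fieldColors">{silent:0xFF0000,reporting:0x00FF00}</option>
      </map>
    </panel>
  </row>
</dashboard>
```

Shops missing from the lookup get no `lat`/`lon` and are filtered out before `geostats`, so a mount at an unlisted shop will not appear in either colour.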