Hi all,
I am new to the Splunk world. Currently, I want to display the performance of shops with Google Maps, and I am not sure how to finish this.
I have all the performance events from the Splunk server, and an event looks like the one below. I also uploaded a lookup table with all the information about the shops. Now I want to show the mount_name in red if there is no data reported for the latest 24 hours, and the normal ones in green. Since every event is sent by a mount, and the event includes the shop_name as well, I want to use the lookup table to indicate the shop location. May I know if this is possible? If yes, how can I achieve this goal?
Thanks in advance.
Event:
Jun 16 2015 09:00:00 app_id="84acfc1640a14da8a9c3b2a898940ac9" app_name="KungFu_Lifebuoy" app_version="26.0.0" attract_duration="5" attract_exit_by_menu_button="0" campaign_end="2037-03-31" campaign_id="2e7c105a0b5e47aca1142b0eaeba411e" campaign_name="Guardian_all_Lifebuoy" campaign_start="2015-02-01" display_count="18" display_duration="625" game_lost="0" game_win="1" geoloc_city="Singapore" geoloc_country="Singapore" interaction_count="2" loading_duration="137" mount_description="MountLocation-Dental Care /S1" mount_id="05df45400f8c11e5870e0647ae8d6515" mount_name="Guardian 1KM 1" mount_tags="MountLocation-Dental, Singapore, Release_Batch_4" phone_input_count="0" phone_input_duration="0" play_count="2" play_duration="35" record_duration="3600" reward_exit_by_menu_button="1" reward_exit_by_sms_send="0" reward_idle_duration="14" reward_interaction_count="1" reward_interaction_duration="9" router_count="0" score_duration="6" shop_description="Add: 11 Tanjong Katong Road B1-19_20 S437157" shop_id="f7aa03e5d88811e4a4510a3fe87d2201" shop_name="Guardian 1KM (1KM)" shop_tags="Guardian-1KM, xwalk-library, AreaLocation-Commercial-Area, OutletLocation-Shopping-Mall, MassRebootTarget, Guardian, ZoneLocation-East, LIVE" skipped_score_count="1" started_by_menu="1" sum_game_progression="192" timezone_id="Asia/Singapore" timezone_offset="28800000" tutorial_duration="9"
Search for no data reporting:
interaction_count="*" |stats latest(_time) AS lastReportTime BY mount_name| eval silenceSeconds = now() - lastReportTime |eval silenceHour = silenceSeconds/3600| where silenceHour > 24 |table mount_name, silenceHour |eval silenceHour =round(silenceHour,1) |sort -silenceHour
Lookup table:
shop_name                            No. of Tablets   latitude   longitude
Guardian 1KM (1KM)                   1                1.31523    103.894722
Guardian Amara Hotel Tower (AMH)     2                1.275149   103.84357
Guardian Ang Mo Kio Blk 449 (A449)   1                1.368107   103.856057
Guardian Ang Mo Kio Blk 531 (A531)   1                1.373705   103.85437
The new Splunk 6.3 introduced Choropleth Maps as a new visualization type, and Geospatial Lookups as a new lookup type.
You can create your own geospatial lookup (e.g. based on the shops or buildings) by uploading a KMZ that contains the specific boundaries.
If OpenStreetMap contains too much noise on high zoom levels, you can provide an alternative tile set to be used in the background of the map. This external page provides an extensive list of alternative tile providers.
Find more information on Choropleth Maps and Geospatial Indexes in the Splunk Docs for 6.3.
Thanks for your reply, Fdi01. Currently my search command is below:
interaction_count | stats sum(interaction_count) as interactions by shop_name | lookup singapore.csv shop_name OUTPUT latitude AS lat longitude AS lon | search lat="*" lon="*" | geostats maxzoomlevel=11 globallimit=0 sum(interactions) by shop_name
It can show the OpenStreetMap map, but the colour is quite hard to identify. Could you please let me know how to set the display colour of the map?
Thanks again.
Could anyone help me on this question?
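
One way to get both states onto the map, as an added example that is not part of any post in this thread: it keeps the 24-hour test from the first search but turns it into a field instead of a filter, then plots the mounts per shop location using the singapore.csv lookup from the later search. The status field and its values silent and reporting are names chosen for this example, and the search time range has to be longer than 24 hours, because a mount with no events in the range produces no row at all.

```spl
interaction_count="*"
| stats latest(_time) AS lastReportTime BY mount_name shop_name
| eval silenceHour = round((now() - lastReportTime) / 3600, 1)
| eval status = if(silenceHour > 24, "silent", "reporting")
| lookup singapore.csv shop_name OUTPUT latitude AS lat longitude AS lon
| where isnotnull(lat) AND isnotnull(lon)
| geostats latfield=lat longfield=lon maxzoomlevel=11 globallimit=0 count BY status
```

Because geostats splits the count by status, silent and reporting mounts appear as two separate series at each shop location, and shops missing from the lookup are dropped before plotting.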