Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

seetharamanss
Explorer
‎09-20-2016 09:18 AM

Hello all,

I have an issue trying to visualize data on a map. Now, I'm trying to get the lat and long from a lookup and values of each field for the country, then, visualize it on the map.

Here is my data and in the map I want to show the Value of the field.

Maintenance: 38
MarketName: TAIWAN
NewAccounts: 32
Timestamp: 20160621
Type: 7

Here is my search:

some search | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts), values(Maintenance) by MarketName

Please advise where I'm missing out.

Reply

somesoni2
Revered Legend
‎09-20-2016 10:13 AM

Do you have more that one event/data for each country? If you see in the statistics tab, do you see all the fields being populated?

0 Karma
Reply

mporath_splunk
Splunk Employee
Splunk Employee
‎09-20-2016 10:08 AM

Without testing it I think you don't need the by MarketName in the end, since the clustering is already done through the lat/lon combination.
I'm also not sure if two aggregations would work here. Try with one first, and see if it works. Then add the second:

... | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts)
0 Karma
Reply

seetharamanss
Explorer
‎09-20-2016 11:08 AM

Hi ,

I tried the option without by MarketName. I'm not seeing any thing in the MAP visualization. Is there anything which I need to include in the xml reference. Please advise.

0 Karma
Reply

cmoinet
Engager
‎03-27-2019 02:19 AM

Hi, is there an answer to this proboleme?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...