Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

seetharamanss
Explorer
‎09-20-2016 09:18 AM

Hello all,

I have an issue trying to visualize data on a map. Now, I'm trying to get the lat and long from a lookup and values of each field for the country, then, visualize it on the map.

Here is my data and in the map I want to show the Value of the field.

Maintenance: 38
MarketName: TAIWAN
NewAccounts: 32
Timestamp: 20160621
Type: 7

Here is my search:

some search | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts), values(Maintenance) by MarketName

Please advise where I'm missing out.

Reply

somesoni2
Revered Legend
‎09-20-2016 10:13 AM

Do you have more that one event/data for each country? If you see in the statistics tab, do you see all the fields being populated?

0 Karma
Reply

mporath_splunk
Splunk Employee
Splunk Employee
‎09-20-2016 10:08 AM

Without testing it I think you don't need the by MarketName in the end, since the clustering is already done through the lat/lon combination.
I'm also not sure if two aggregations would work here. Try with one first, and see if it works. Then add the second:

... | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts)
0 Karma
Reply

seetharamanss
Explorer
‎09-20-2016 11:08 AM

Hi ,

I tried the option without by MarketName. I'm not seeing any thing in the MAP visualization. Is there anything which I need to include in the xml reference. Please advise.

0 Karma
Reply

cmoinet
Engager
‎03-27-2019 02:19 AM

Hi, is there an answer to this proboleme?

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top