I'm trying to plot all carpark locations on the Splunk Map. I have a lookup CSV file with the following columns:
CPK_ID, Latitude, Longitude
I do not have the lat and lon data inside the Splunk environment, so I'm trying to match the CPK_ID in the CSV file with that in the event.
... | lookup cpk_coord_lookup NUM_CPK as NUM_CPK | geostats latfield=NUM_LATD longfield=NUM_LNGTD count
However, I'm unable to plot all the carpark locations on the Splunk Map.
Any idea what I can do? Eg using openstreetmap or Google maps? Eventually I would want to embed it into the normal Splunk dashboard.
Thank you very much! 🙂
But how do i put Google Maps inside the normal Splunk dashboard without Advanced XML?
if your lookup contains the following header
CPK_ID, Latitude, Longitude you should use the
Latitude, Longitude in the
geostats command as well:
... | lookup cpk_coord_lookup NUM_CPK as NUM_CPK | geostats latfield=Latitude longfield=Longitude count by CPK_ID
As well check the event field name and the lookup field name for the carpark number as you use
NUM_CPK but mention the lookup header
There is no need for the above mentioned App, this was used in older Splunk releases to get mapping working.
Hope this helps ...
Hi thanks for your answer, sorry i just realised, the naming of the csv that i posted previously was wrong. It's supposed to be
NUM_CPK, NUM_LATD, NUM_LNGTD.
I managed to plot the points onto Splunk Map. However, i realised something strange, the map shown in the search query (using Verbose Mode) has a lot more points (100+pts) plotted than the one i saved to dashboard (30pts). It seems like some points were not displayed after saving to dashboard.
Any idea why is this so?
look at the base search (everything before the first
| ) used in the dashboard and try to re-use it.
sorry, what do you mean by re-using it?
My entire search is
sourcetype="UDBCUNIT.TF_PRKNG_MVMNT" | lookup cpk_coord_lookup NUM_CPK as NUM_CPK OUTPUT NUM_LNGTD, NUM_LATD | geostats latfield=NUM_LATD longfield=NUM_LNGTD maxzoomlevel=18 globallimit=0 count by NUM_CPK
You asked why it shows a different set of results.
If both searches are the same, check the time range used for the search or the dashboard. Not to forget the zoom level will also effect the number of shown results.