Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

US state abbreviations to full state names - Choropleth map

corky42
Engager
‎12-15-2019 01:35 PM

I have a field [Driver State] which contains all the US states in abbreviated format (MD = Maryland).
I want to generate a choropleth map from the data and currently have the search:

index=traffic sourcetype="csv" | stats count by "Driver State" | geom geo_us_states featureIdField="Driver State"

I cannot figure out how to get Splunk to read the abbreviations, unless it is something more obvious I am doing wrong.

Is there another part of the search I am missing, or do I need to convert all of the abbreviations to their full length names?

Any help is appreciated,
Thanks

0 Karma
Reply

to4kawa
Ultra Champion
‎12-16-2019 02:56 AM 
| inputlookup geo_us_states

Hi, @corky42
check this results.

ISO_3166-2:US@wikipedia

It is necessary to create a CSV that associates abbreviations with names.

abbreviated,featureIdField
AL,Alabama
AK,Alaska
AZ,Arizona
AR,Arkansas
CA,California
CO,Colorado
.......

so,
UPDATED:

index=traffic sourcetype="csv" 
| stats count by "Driver State" 
| lookup your_country_csv abbreviated as "Driver State"  OUTPUT featureIdField
| geom geo_us_states
Reply

corky42
Engager
‎12-16-2019 04:07 AM

This worked for the translation thank you! However, I didn't get any results for "geom" in the Statistics tab, changing featureIdField to featureId did populate the "geom" column, however no data is shown on the map after.
I did create a lookup definition for my abbreviation-to-state CSV.
So I'm closer but still not quite there.

0 Karma
Reply

to4kawa
Ultra Champion
‎12-16-2019 09:26 AM

sorry, my query is wrong, I fix it.

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...