Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

US state abbreviations to full state names - Choropleth map

corky42
Engager
‎12-15-2019 01:35 PM

I have a field [Driver State] which contains all the US states in abbreviated format (MD = Maryland).
I want to generate a choropleth map from the data and currently have the search:

index=traffic sourcetype="csv" | stats count by "Driver State" | geom geo_us_states featureIdField="Driver State"

I cannot figure out how to get Splunk to read the abbreviations, unless it is something more obvious I am doing wrong.

Is there another part of the search I am missing, or do I need to convert all of the abbreviations to their full length names?

Any help is appreciated,
Thanks

0 Karma
Reply

to4kawa
Ultra Champion
‎12-16-2019 02:56 AM 
| inputlookup geo_us_states

Hi, @corky42
check this results.

ISO_3166-2:US@wikipedia

It is necessary to create a CSV that associates abbreviations with names.

abbreviated,featureIdField
AL,Alabama
AK,Alaska
AZ,Arizona
AR,Arkansas
CA,California
CO,Colorado
.......

so,
UPDATED:

index=traffic sourcetype="csv" 
| stats count by "Driver State" 
| lookup your_country_csv abbreviated as "Driver State"  OUTPUT featureIdField
| geom geo_us_states
Reply

corky42
Engager
‎12-16-2019 04:07 AM

This worked for the translation thank you! However, I didn't get any results for "geom" in the Statistics tab, changing featureIdField to featureId did populate the "geom" column, however no data is shown on the map after.
I did create a lookup definition for my abbreviation-to-state CSV.
So I'm closer but still not quite there.

0 Karma
Reply

to4kawa
Ultra Champion
‎12-16-2019 09:26 AM

sorry, my query is wrong, I fix it.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...