Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Using GeoStats to point locations based on eval values

richaGindodia
Path Finder
‎03-12-2015 11:41 PM

My UseCase

I am using splunk to monitor a file which has latitude, longitude and CPUUsage values . I want splunk to highlight the point where CPUUsage is >75 . I tried using

index=* | geostats latfield=Latitude longfield=Longitude count | eval redCount = if(CPUUsage >75,CPUUsage,0) | eval yellowCount = if(CPUUsage <75,CPUUsage,0) |fields - CPUUsage
Then using fieldcolours

but in vain. Please Help.

0 Karma
Reply

chimell
Motivator
‎03-23-2015 06:25 AM

Hi richaGindodia

1- Use the following search code for splunk 6.2.x

index=* |where CPUUsage >75 |geostats latfield=Latitude longfield=Longitude count by CPUUsage

In visualisation tab go to chart type and select map.

2- Use the following simple xml code for splunk 6.1.x

<dashboard>
  <label>enter your dashboard name</label>
  <row>
    <panel>
      <map>
        <searchString>
         index=* |where CPUUsage >75 |geostats  globallimit=0 latfield=Latitude longfield=Longitude count by CPUUsage
          <earliest>0</earliest>
          <latest>now</latest>
        </searchString>
        <option name="mapping.data.maxClusters">100</option>
        <option name="mapping.drilldown">all</option>
        <option name="mapping.map.center">(0,0)</option>
        <option name="mapping.map.zoom">2</option>
        <option name="mapping.markerLayer.markerMaxSize">50</option>
        <option name="mapping.markerLayer.markerMinSize">10</option>
        <option name="mapping.markerLayer.markerOpacity">0.8</option>
        <option name="mapping.tileLayer.maxZoom">7</option>
        <option name="mapping.tileLayer.minZoom">0</option>
      </map>
    </panel>
  </row>
</dashboard>
0 Karma
Reply

richaGindodia
Path Finder
‎03-26-2015 11:23 PM

Hello Chimell,

Thank you for a response. But this doesnot serve my purpose. Though it highlights the lat-long combinations where CPU>75 but in process it removes all those wherein CPU<75. I wanted CPU>75 in RED, CPU<75 in GREEN and CPU=0 in GREY.

I think the question I posted was a bit confusing 😞 . Hope this clears the use-case.

0 Karma
Reply

richaGindodia
Path Finder
‎03-23-2015 03:30 AM

I was able to find an answer to this. Achieved it using rangemap

| rangemap field=CPU Good=0-30 Fair=30-40 Bad=40-100 | geostats latfield=Latitude longfield=Longitude count by range
{Good:0x008000,Fair:0xFFFF00,Bad:0xFF0000}

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...