- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Why does "geom geo_us_states" search display a wor...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Working my way through the Splunk e-learning offerings, I came across a lab exercise where the resulting query was
"sourcetype=vendor_sales VendorID < 4000 | chart count by VendorStateProvince | geom geo_us_states featuredField=VendorStateProvince"
and I'm expected to use a Choropleth visualization to get a map of North America with the states and provinces shaded according to the search results.
What I get, though, is a world map with the legend in the lower right ("Alabama"..."Alberta"...etc.) but nothing plotted on the map at all.
I cannot find any tweaks in the "Format" dialogue which will help.
Am I doing something obviously (if not to me) incorrect, or is something broken on the e-learning backend?
Thanks for any info,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The query above is logically correct but seems to have a typo; here's the corrected query:
sourcetype=vendor_sales VendorID < 4000 | chart count by VendorStateProvince | geom geo_us_states featureIdField=VendorStateProvince
uses featureIdField instead of featuredField
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The query above is logically correct but seems to have a typo; here's the corrected query:
sourcetype=vendor_sales VendorID < 4000 | chart count by VendorStateProvince | geom geo_us_states featureIdField=VendorStateProvince
uses featureIdField instead of featuredField
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's exactly what I was missing. Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index=Something srccountry="United States" | iplocation src | stats count by Region | geom geo_us_states featureIdField=Region : But it still shows the same world map and when I do the |inputlookup geo_us_states also it gives me world map .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To adjust the map to see only a portion of it, such as just the USA you need to edit the Latitude, Longitude, and Zoom settings for the map.
You can set these in Format Visualization, on the General page.
The following settings work for me for the continental USA:
- Latitude: 38.62
- Longitude: -93.91
- Zoom: 4
I was not happy with my attempts to show all 50 states since (including Alaska and Hawaii) because of the excess empty/irrelevant space (oceans and Canada) shown.
Alternatively, when editing the dashboard, you can zoom in and out and move the map around and if you are satisfied with how you have got it looking, you can save these settings by going to Format Visualization and on the General page click on Populate with current map settings.
(Refer to the attached map-usa.jpg file to see the settings I mentioned.)
How to Monitor Google Kubernetes Engine (GKE)
Index This | How can you make 45 using only 4?
Splunk Education Goes to Washington | Splunk GovSummit 2024
