Splunk Search

Why is my cluster map working fine in verbose mode but not in fast mode?

Explorer
query:- index="test"|table FIELD1,FIELD2,Latitude,Longitude,Timestamp| geostats latfield=Latitude longfield=Longitude count by FIELDD1

Result For Verbose Mode
alt text

result for fastmode:

NO RESULT FOUND

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Hi @ajitshukla

try this: index="test"|fields FIELD1 FIELD2 Latitude Longitude Timestamp| geostats latfield=Latitude longfield=Longitude count by FIELD1

Hope this helps

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

Hi @ajitshukla

try this: index="test"|fields FIELD1 FIELD2 Latitude Longitude Timestamp| geostats latfield=Latitude longfield=Longitude count by FIELD1

Hope this helps

View solution in original post

0 Karma

Explorer

thanks its working fine

0 Karma

SplunkTrust
SplunkTrust

Awesome, glad to hear it!

|fields is typically better and faster to use than |table

0 Karma