Solved: geostat question for multiple indexes

jiaqya · ‎01-11-2018

i have a unique type of column in 4 different indexes , but they all have similar latitude and longitude.

can i show all these 4 column values ( or percentage ) on a single geostat command...
in other words can a single geostat show 4 different values from 4 different indexes.

ex of 2 indexes . i have type=a and its percentage in index1
i have type=b and its percentage in index2

now when i run the geostat command with lat/lon , i wish to see that location on the map, showing both these 2 types and their respective percentages.

is it possible with splunk /geostat ?

mayurr98 · ‎01-11-2018

hey you can try something like this

 index=index1 OR index=index2 OR index=index3 OR index=index4 | geostats latfield=lat longfield=lon values(percentage)  by type

let me know if this helps you!

View solution in original post

mayurr98 · ‎01-11-2018

hey you can try something like this

 index=index1 OR index=index2 OR index=index3 OR index=index4 | geostats latfield=lat longfield=lon values(percentage)  by type

let me know if this helps you!

mayurr98 · ‎01-11-2018

have you tried this?

jiaqya · ‎02-23-2018

Yes, i dumped all the different indexes into a single index with similar columns and made it easier for me. thanks..
john.

geostat question for multiple indexes

Feel the Splunk Love: Real Stories from Real Customers

Data Management Digest – November 2025

Splunk Mobile: Your Brand-New Home Screen

Are you a member of the Splunk Community?

geostat question for multiple indexes

Feel the Splunk Love: Real Stories from Real Customers

Data Management Digest – November 2025

Splunk Mobile: Your Brand-New Home Screen