Solved: geostat question for multiple indexes

jiaqya · ‎01-11-2018

i have a unique type of column in 4 different indexes , but they all have similar latitude and longitude.

can i show all these 4 column values ( or percentage ) on a single geostat command...
in other words can a single geostat show 4 different values from 4 different indexes.

ex of 2 indexes . i have type=a and its percentage in index1
i have type=b and its percentage in index2

now when i run the geostat command with lat/lon , i wish to see that location on the map, showing both these 2 types and their respective percentages.

is it possible with splunk /geostat ?

mayurr98 · ‎01-11-2018

hey you can try something like this

 index=index1 OR index=index2 OR index=index3 OR index=index4 | geostats latfield=lat longfield=lon values(percentage)  by type

let me know if this helps you!

View solution in original post

mayurr98 · ‎01-11-2018

hey you can try something like this

 index=index1 OR index=index2 OR index=index3 OR index=index4 | geostats latfield=lat longfield=lon values(percentage)  by type

let me know if this helps you!

mayurr98 · ‎01-11-2018

have you tried this?

jiaqya · ‎02-23-2018

Yes, i dumped all the different indexes into a single index with similar columns and made it easier for me. thanks..
john.

geostat question for multiple indexes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation