cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
gavsdavs
Observer
Member since: ‎04-27-2012
‎01-04-2021
Community Statistics
Posts 9
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎04-27-2012
Activity Feed
View All

Re: Closest GPS match in lookup table

by in Knowledge Management
‎07-10-2020 03:40 PM
‎07-10-2020 03:40 PM
I now have a kml file configured as a geospatial lookup. the track is split into 10 zones, each zone is defined by a polygon perimeter and is distinctly named. This look okay in | inputlookup <lookup name> I don't know how I get responses from this lookup, I have latitude and longitude in my event data and I am using | lookup <lookup name> latitude,longitude (as per the example here https://docs.splunk.com/Documentation/Splunk/8.0.4/Knowledge/Configuregeospatiallookups#Geospatial_lookup_example) and I'm getting "Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table." It strikes me that I don't have latitude,longitude fields in my geospatial lookup data, I see count, featureCollection, featureId and geom fields (which doesn't look like the co-ordinates list in the actual kml file, but at least appears to be valid in splunk terms). How do these geospatial lookups determine if a point is within a polygon ? ... View more

Re: Closest GPS match in lookup table

by in Knowledge Management
‎07-10-2020 10:48 AM
‎07-10-2020 10:48 AM
I have a series of points in my lookup data, loosely tracing a racetrack. I have a series of points in my data, the recording of the location of the car. There are sadly very few (if any) exact matches for the cars locations in the lookup data. So i need a way of looking for the closest match in the lookup table from the car location data. I was approaching it by trying to round the vehicles location lat/lon, and then try to establish the substring matches in the lookup data, I couldn't get wildcard matching to work (at all, i've not used it before, I haven't experimented with inserting "*" characters at the end of the rounded vehicle location data. I also thought the geolocation approach might be useful, the basic idea being it's possible to determine the country/US state based on the perimeter defined in the provided kml files from a GPS point. I have a KML file of the same basic approach, a permimeter around each corner/straight on the track and I would like to establish which "perimeter" (or named track segment) is in for each vehicle GPS point.   I'll have a look at the tool you've linked. ... View more

Re: Closest GPS match in lookup table

by in Knowledge Management
‎07-07-2020 03:19 PM
‎07-07-2020 03:19 PM
I'm still wresting with this one, and I'm trying to use wildcard matching against my lookup data. Say I have a GPS Point 51.234567,0.123456 and I then round that to 1 point, 2 points, 3 points, etc up to 5, i get these. 51.2,0.1 51.23,0.12 51.234,0.123 51.2345,0.1234 51.12345,0.12345 I can then try and lookup any of those values in my reference table with match_type=WILDCARD(latitude),WILDCARD(longitude) I should get a match (as I have rows/GPS points in the lookup table which start with 51.2,0.1), but I don't get any matches. I've also considered the geospatial approach, but I can't work out how to generate a KML which splunk will interpret. There are examples (US_States, countries, etc), but I don't know which tools i could use to create my own. Can anyone recommend any tools that will generate geospatial lookup (kml/kmz) files that splunk will read ? ... View more

Closest GPS match in lookup table

by in Knowledge Management
‎06-25-2020 03:31 PM
‎06-25-2020 03:31 PM
I have a list of GPS points in a lookup file which describes a race track, generated using this https://www.gpsvisualizer.com. This lookup file has maybe 100 points which describe the path of this track. lookup headings are latitiude,longitude,Segment name I then have some GPS traces of my car driving round this race track, where a GPS point is recorded roughly every second. For each recorded car location point, I want to look in this lookup file and return the Segment name which is physically closest. It's not quite a substring/pattern match (i.e. match_type WILDCARD), I would like to be able to return the segment name for the closest point i have in the lookup file. I'm aware of the haversine app: https://splunkbase.splunk.com/app/936/ And this is someone bundling the algorithm into a macro: https://community.splunk.com/t5/Splunk-Search/Distance-between-two-Geocoordinates/td-p/422514 But I'm not sure how I could use that macro or the haversine function in a lookup ? So far i'm just doing literal matches of the lat/long values in the car traces and I'm getting no matches at all (very disappointing) Any suggestions/ideas ? ... View more
Labels

Re: How to ingest Strava GPX (XML) data...

by in Getting Data In
‎01-07-2020 01:42 PM
‎01-07-2020 01:42 PM
You aren't tied to ingesting the file as a single event. What if I have over 10,000 points in a gpx file ? Re-think the content of the file, each point is an event, the whole gpx file is a collection of events. It's entirely up to you, but if you have 10,000 points in a file its easier to handle 10,000 events not one event and ending up with a 10,000 member mutlivalue field set. ... View more

Re: How to ingest Strava GPX (XML) data...

by in Getting Data In
‎01-06-2020 03:13 PM
‎01-06-2020 03:13 PM
Yeah I see that, but I get a single event with a load of multi-value fields and i have to do an mvexpand dance to blow it all to pieces. I personally prefer to work with the events separate and stats or transact them together rather than mvexpand them apart. ... View more

Re: How to ingest Strava GPX (XML) data...

by in Getting Data In
‎01-03-2020 02:35 PM
‎01-03-2020 02:35 PM
Set up a parsing statement to ingest the data and break every line (SHOULD_LINEMERGE=false) Then use something like | transaction startswith="\<trkpt" endswith="\</trkpt\>" | xmlkv | table time lat lon ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-04-2021 01:14 PM
li.common.scroll-to.top