Thank you so much! That worked! I finally have it so that there are cluster points where the last known GPS position was printed!  Sorry, I know I said the last question would be the last question, but do you know how I can get it so that the hostname is presented in either the statistics tab or upon hover of the cluster point? Currently, I can see the map populated with those points but I'm unsure which point belongs to which host. EDIT: nevermind! Figured it out by adding "by host" after the count command in the geostats command. Thanks again for all of your help! ... View more

Ah, alright, last question then!  Do I append the geostats command after the stats command or do I redo the stats command as the geostats command? This is how I currently have it, and although it does display the latitude and longitude values (without the host) on the visualization tab, it still does not yet display anything on the map.  stats latest(gps_latitude) as latitude latest(gps_longitude) as longitude by host | geostats latfield=latitude longfield=longitude Thank you for your help so far, you've really helped point me in the right direction to figuring this out!  ... View more

It would seem as though I'm the one who is blind, I completely missed your edit!  With your help, I was able to take a step forward and have the machine host print on the visualization tab! However, it would seem to not be showing any markers on the cluster map itself. Is there anything else I'm missing or should the map be populated with the markers by now?  I'll probably start looking into using Maps+ then. Hopefully, I can get access to that soon. Thanks again for the help!  ... View more

Thank you very much for your reply! The examples you've given are a great help.  Thank you loads for the tip on Maps+! Unfortunately, I don't currently have access (not the admin of my splunk instance) to add that app to my instance of splunk at the moment, but can probably get it eventually.  Until then, I wanted to see if I could create a working prototype with the base tools given by splunk first. My goal right now is to just have marker points on a map dictate the last known locations of individual machines.  To answer your questions: 1) What's your actual need: I just need to get their latest known position and don't need to track the trips they took. So just where they are now, or where they last pinged their location at, essentially.  2) What data you have: Each machine has its own log file which contains a bunch of information including the time the log file was created, the host which created the file, and latitude and longitude coordinates taken from the onboard GPS. The log file is created periodically as long as the machine is on. Therefore each host creates many instances and needs to be filtered out via the "dedup host" command I have at the end. (I suspect there might be a better way to do this, but that dedup host command is to ensure there aren't a bunch of instances of the same host on the map. Just distinct hosts at any given time on the map.) 3) What data format your visualization needs: I'm not entirely certain what data format the map would need (I'm still pretty new to splunk if you couldn't already tell haha :D).  Anyways, thanks again for your reply I really appreciate it.  ... View more