There is no country field extracted (unless you were talking about using rex from my previous question, but it doesn't work well with the current sourcetype I have)
When I used
source="/home/ubuntu/TensorFlow/Text_Classification/scripts/export.csv" sourcetype="csv-tf2" raw_text!="raw_text" AND raw_text!="*timestamp*" [| inputlookup simplemaps-worldcities-basic.csv | rename country as search | fields search | format] | dedup _raw
these are the events that I got (with the countries being highlighted):
""South Korea Spy Agency Admits Attempting to Rig Election"",""South Korea's spy agency has admitted that it had engaged in a far-reaching attempt to manipulate voters as it sought to help conservatives win parliamentary and presidential elections.""
"Australia confirms IS plotted airport terror attack"",""Australia confirms IS plotted airport terror attack ... However, the plan was aborted before the luggage went through the airport's security control, AFP ... The suspects disassembled the device and then resorted to a second plan to...""
With the country names highlighted, I would like to know how I could continue to make it into both a choropleth map and a cluster map using the longitude and latitude from the lookup table, as there is no iplocation/longitude/latitude on my feeds/events.
How does renaming a field to "search" help?
How to make a map visualization with the lookup table/codes shown?
From my previous question, I was doing something related to extracting countries from feeds.
However, I wasn't able to do the lookup table version answer from my question and I found that using rex doesn't really help me after a while.
I chanced upon this question "https://answers.splunk.com/answers/61664/search-set-of-strings-from-lookup-and-list-count-of-occurance.html" and tried the code, and I want to know how renaming your string field name as search helps.
The particular part of the code goes:
[| inputlookup your_lookup_here | rename yourStringFieldName as search | fields search | format]
I actually just tried this particular code itself and I saw what I wanted to see/extract on the events tab and was wondering how I could make it into a cluster map/choropleth map.
The lookup (csv) I have contains fields such as "country", "lat" and "lng" and when I changed the word "search" I couldn't get what I wanted.
Also, when I tried the code as a whole, I got an error with the rename function on the second line of the code, which goes:
| rename _raw as rawText
How do I make a cluster map using a lookup table that contains latitude and longitude as well as country name?
My search, on the other hand, only has country shown.
Below are the statistics of what I have currently gotten.
Country and count come from the feed, whereas lat and lng come from my country.csv
country count lat lng
Australia 2 -33.42004148 151.3000048
Bangladesh 1 24.24997845 89.92003048
I also used this code to get the above:
| lookup simplemaps-worldcities-basic.csv country as country OUTPUTNEW country lng lat
Hi! I am new to Splunk, and just started recently.
I have some RSS feeds implemented into Splunk through "Syndication", and I was wondering how I can extract countries from the feeds, as there is no longitude/latitude?
There are no IP addresses either. sourcetype=syndication, I guess there is a need for this in order to show and extract the country out from the feeds in syndication.
Here's an example of a raw feed.
summary=" Russia is engaged in wide-ranging information warfare operations aimed at undermining the United States, and the federal government has few defenses against the attacks, "
In this case, I would like to extract the country "Russia" and add a count to it and show it on a map.
Sorry for being vague, I would give more information if needed, because I don't know where I am being vague.