Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Maps plotting using physical address (not IP Address)

RyanDonnelly22
Explorer
‎06-22-2021 10:43 AM

I am trying to create a map visualization from a list of data that has the the physical address of the event in a filed named 'location' 

| inputlookup data.csv | table location |

Example data

  • Earth
  • Wytheville, VA
  • Boston, MA
  • 1 Main St, Waltham, Massachusetts
  • Mexico City, Mexico
  • Wellington St, Ottawa, ON K1A 0A9, Canada

I want to talk these physical addresses and add them to the Map Visualization in Splunk, but am not seeing how to add the data to the chart. 

 

Labels (3)
Labels
0 Karma
Reply

Funderburg78
Path Finder
‎06-22-2021 11:28 AM

you need to identify the LAT and LONG.  Ordinarily splunk will perform a whois call and determine the lat/long of the domain the ip is associated with if connected to the internet.  If you want to do this differently, I think you need to apply lat/long yourself.  I do not believe there is an automatic lookup.  there are a couple ways you can accomplish this.  You can build your own lookup table to convert addresses to a lat/long or you can just input the lat/long directly into the data if it is something like a spreadsheet.

 

For reading about chloropleth maps:

https://www.splunk.com/en_us/blog/tips-and-tricks/mapping-with-splunk.html

 

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...