Re: Splunk Maps plotting using physical address (n...

RyanDonnelly22 · ‎06-22-2021

I am trying to create a map visualization from a list of data that has the the physical address of the event in a filed named 'location'

| inputlookup data.csv | table location |

Example data

Earth
Wytheville, VA
Boston, MA
1 Main St, Waltham, Massachusetts
Mexico City, Mexico
Wellington St, Ottawa, ON K1A 0A9, Canada

I want to talk these physical addresses and add them to the Map Visualization in Splunk, but am not seeing how to add the data to the chart.

Funderburg78 · ‎06-22-2021

you need to identify the LAT and LONG. Ordinarily splunk will perform a whois call and determine the lat/long of the domain the ip is associated with if connected to the internet. If you want to do this differently, I think you need to apply lat/long yourself. I do not believe there is an automatic lookup. there are a couple ways you can accomplish this. You can build your own lookup table to convert addresses to a lat/long or you can just input the lat/long directly into the data if it is something like a spreadsheet.

For reading about chloropleth maps:

https://www.splunk.com/en_us/blog/tips-and-tricks/mapping-with-splunk.html

Splunk Maps plotting using physical address (not IP Address)

chart

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation