Just a quick question on the cluster map that is not really displaying what we are aiming for...
We have a simple query which is then piped to iplocation then geostats as this:
query | iplocation myIP | geostats count by Country globallimit=0
We are trying to "regroup" items by Country, as it may seem obvious, but it is more difficult than expected.
Here is an example of the output (guess geobin/lat/lon is messing with us):
Blue canada is splitted into 2 locations, and USA in at least 4, we would like to have a cluster more or less like the chloromap.
If we count by Country before geostats, it shows the expected result (in a table), but if we apply geostats it is splitted by location, any way to circumvent this ?
We tried to use another iplocation prefix, and geostats count by myCountry, does not work either 😞
Found the solution by using a lookup file
Idea is to stats count by country, and then lookup the latitude/longitude on the aggregated results, then pipe to geostats
View solution in original post