Solved: help on custom cluster map

jip31 · ‎02-02-2022

hi

I use the search below in order to display the number of events corresponding to my main search on a cluster map

There is a gap between the results displayed on my map and the results of the main search

I have identified a first problem

Some sites between the lookup and splunk are a little bit differents

For example, I have a site calle "LA BA" in Splunk and "LA BAUME" in the csv

So what I have to do that the sites match well?

index=toto sourcetype=tutu
| stats dc(id) as nbincid by site 
| where isnotnull(site) 
| join type=left site 
    [| inputlookup Bp.csv 
    | rename siteName as site 
    | fields site latitude longitude ] 
| table site nbincid latitude longitude 
| geostats latfield=latitude longfield=longitude globallimit=0 values(nbincid)

johnhua · ‎02-02-2022

The marker size you set on the cluster map will group locations that falls within that radius together.

View solution in original post

johnhua · ‎02-02-2022

The marker size you set on the cluster map will group locations that falls within that radius together.

jip31 · ‎02-02-2022

yes you are right

So if i well understand it's not possible to display the results on the map one shot?

last thing, I have you an idea for the site which have a different name between splunk and the lookup?

help on custom cluster map

other

Happy CX Day to our Community Superheroes!

Check out This Month’s Brand new Splunk Lantern Articles

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector