Splunk Search

Geostats and rangemap


Hi Newbie here,

Im exploring right now the map on splunk 6, Now my question is,is it possible to add a rangemap in geostats for example i have servers in certain areas and i want to know the util of all the servers ,so in the map it will show the cpu util in every area and change the color of the value or the circle around it, if it meet the set threshold.

Please englighten me.

Thanks in advance!

Tags (2)
0 Karma


For adding colors to existing Geo Map you can note the names of series plotted in your Geo Map and apply field color as per your need. For example following set colors for red and green series using hex code for respective colors. You can use mapping.fieldColors (refer to the following documentation: http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map_.28event_t...)

<option name="mapping.fieldColors">{red:0xFF0000,green:0x00FF00}</option>

If you want to color map based on stats range, you are actually looking for Choropleth Map (http://docs.splunk.com/Documentation/Splunk/latest/Viz/ChoroplethFormatting)

Please also check out Choropleth Map - Color Modes example on Splunk 6.x Dashboard Examples

            <option name="mapping.choroplethLayer.colorBins">6</option>
            <option name="mapping.choroplethLayer.colorMode">auto</option>
            <option name="mapping.choroplethLayer.maximumColor">0xDB5800</option>
            <option name="mapping.choroplethLayer.minimumColor">0x2F25BA</option>
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Path Finder

hi nike,

Regarding choropleth Maps, can we change color scheme. for example from
1-5 red color
5-50 green color
50-100 orange color

0 Karma


Hi xisura,
I have the answer for you!!!

try this...but for this you need to first install Google Maps app into your splunk,
then for example look at this search query :index=XXX sourcetype=XXX | fields cpu, location | lookup location.csv location as location OUTPUTNEW latitude,longitude | geostats latfield=latitude longfield=longitude values(CPU) by location

here you need upload the latitude and longitude of your locations in the location.csv file and then do a lookup command n match it using geostats command

0 Karma


where are you defining colors there.?
can you please explain.?
Can't it be possible without Google Maps app.?

0 Karma


So am defining colors in the XML code like i use the below xml code for assigning the colors:
<option name="mapping.fieldColors">{fieldl1:0xFF3333,field2:0x66CCFF,field3:0xFFCC66}</option>

It works with google Maps only because it providse the Google API to splunk

0 Karma


I am having one field as :
here is my query.
source="Churn_Map.csv" sourcetype="Churn_map"
| eval Churn = if(Churn="True.","1","0")
| eventstats sum(Churn) as true_churn , count(Churn) as total_churn by state

| eval prop= true_churn*100 / total_churn

| rangemap field=prop green=0-5 yellow=6-10 orange=11-15 default=red
| geostats values(prop) by StateName globallimit=0

0 Karma

Path Finder

Hello Santhosh, were you able to find the solution to your problem, I am currently working on the similar issue..

0 Karma


hi @xisura have you got this ??
i am also lagging from same type of requirement.
If you found any clue for this please give me reply here.

Thank you.

0 Karma

Loves-to-Learn Everything

 @niketn  @xisura 


Any of you found a solution for this, I am using eth tiles which show map by using geo stats but I am not able to change the color of the individual location by range map.


Please let me know how you did that.



Tags (1)
0 Karma
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...