Dashboards & Visualizations

Map geostats display City instead of latitude and longitude

cyndiback
Path Finder

Using simple XML dashboard. Is there a way to show the City name in the pop-up window instead of longitude and latitude (see image)

Dashboard xml:

<map>
  <title>Successful connections</title>
  <searchString>index=auth_application | iplocation src_ip | geostats count(src_ip), dc(src_ip)</searchString>
  <earliestTime>$earliest$</earliestTime>
  <latestTime>$latest$</latestTime>
</map>

alt text

Tags (3)

Venkat_16
Contributor

i can help you iN a way to eliminate Longitude and latidue field in the map...try uploading this css in the dashboard.css file for the particular app AND those lat and long fields will be vanished.

div.leaflet-popup-content tr:first-child {
display: none;
}
div.leaflet-popup-content tr:nth-child(2) {
display: none;
}

chimell
Motivator
try this xml code 

 <map>
   <title>Successful connections</title>
   <searchString>index=auth_application | iplocation src_ip | geostats count(src_ip) , dc(src_ip) by city </searchString>
   <earliestTime>$earliest$</earliestTime>
   <latestTime>$latest$</latestTime>
 </map>
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

This may not be the prettiest option, but you can amend your geostats call like this:

... | geostats count by City

That should still retain the latitude and longitude for that specific geobucket, but will colour the pie according to City and list them in the popup.

cyndiback
Path Finder

Using your answer provides the City and Count in an easy to read format, results:
City: Count
Anaheim 1
Apple Valley 2
etc

FYI - I tried showing both count and distinct count..Not easy to read

...| geostats count, dc by City

Results:
count: CityA #
count: CityB #
dc: CityA #
dc: CityB #

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...