Solved: Is there any way of displaying empty map if there ...

nivethainspire_ · ‎11-23-2014

martin_mueller · ‎11-24-2014

Yeah, similar approach as when e.g. filling a zero into a single value when there is no data.

Take the sample search from the Splunk 6 Dashboard Examples app:

| inputlookup geomaps_data.csv | iplocation device_ip | geostats latfield=lat longfield=lon count by method

That returns a bunch of geo buckets. If I modify it to return no data by adding a where 1=2, the map disappears. By adding a little appendpipe to the end the map is back but empty:

| inputlookup geomaps_data.csv | iplocation device_ip | where 1=2 | geostats latfield=lat longfield=lon count by method
| appendpipe [stats count | where count=0 | eval geobin = "bin_id_zl_0_y_3_x_2" | eval latitude= -10.00000 | eval logitude = -55.00000]

View solution in original post

martin_mueller · ‎11-24-2014

Yeah, similar approach as when e.g. filling a zero into a single value when there is no data.

Take the sample search from the Splunk 6 Dashboard Examples app:

| inputlookup geomaps_data.csv | iplocation device_ip | geostats latfield=lat longfield=lon count by method

That returns a bunch of geo buckets. If I modify it to return no data by adding a where 1=2, the map disappears. By adding a little appendpipe to the end the map is back but empty:

| inputlookup geomaps_data.csv | iplocation device_ip | where 1=2 | geostats latfield=lat longfield=lon count by method
| appendpipe [stats count | where count=0 | eval geobin = "bin_id_zl_0_y_3_x_2" | eval latitude= -10.00000 | eval logitude = -55.00000]

Is there any way of displaying empty map if there is no data in simple xml?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases