Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

seetharamanss
Explorer
‎09-20-2016 09:18 AM

Hello all,

I have an issue trying to visualize data on a map. Now, I'm trying to get the lat and long from a lookup and values of each field for the country, then, visualize it on the map.

Here is my data and in the map I want to show the Value of the field.

Maintenance: 38
MarketName: TAIWAN
NewAccounts: 32
Timestamp: 20160621
Type: 7

Here is my search:

some search | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts), values(Maintenance) by MarketName

Please advise where I'm missing out.

Reply

somesoni2
Revered Legend
‎09-20-2016 10:13 AM

Do you have more that one event/data for each country? If you see in the statistics tab, do you see all the fields being populated?

0 Karma
Reply

mporath_splunk
Splunk Employee
Splunk Employee
‎09-20-2016 10:08 AM

Without testing it I think you don't need the by MarketName in the end, since the clustering is already done through the lat/lon combination.
I'm also not sure if two aggregations would work here. Try with one first, and see if it works. Then add the second:

... | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts)
0 Karma
Reply

seetharamanss
Explorer
‎09-20-2016 11:08 AM

Hi ,

I tried the option without by MarketName. I'm not seeing any thing in the MAP visualization. Is there anything which I need to include in the xml reference. Please advise.

0 Karma
Reply

cmoinet
Engager
‎03-27-2019 02:19 AM

Hi, is there an answer to this proboleme?

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...