Splunk Search

Does the GoogleMap apps only work if Lat and Long has IP Information?

chienly
New Member

Hi,

Just wondering if anyone here knows if the GoogleMap apps can take in longitude and latitude data without any IP Addresses and still map them?

I just want to know if it can map a location directly with just the longitude and Latitude coordinates taken from a csv file?

Thanks,

-Chien

Tags (2)
0 Karma

ziegfried
Influencer

Plotting events on a map does not depend on an IP address. The current version of the module need the fields _lat (latitude) and _lng (longitude) to available in the final results.

The content of the fields has to be the degrees of latitude/longitude as a floating point number: eg 47.11

Other notations (eg. degrees°,minutes',...) are not supported.

The geonormalize command helps when the location information is not present in the _lat and _lng fields as it detects different patterns of field names where the information could be found and populates the _lat/_lng fields. When using the maps view (the default view of the app) or any other view where the module setting autoPostProcess is turned on, the geonormalize command is automatically added to the search.


Note: In the upcomming 1.1 release of the app, the module will use a single field called _geo containing the combined latitude and longitude information instead of the 2 fields (_lat and _lng). The values have to separated by a comma. So for example a _geo field value of 47.11,8.15 would be valid.

ziegfried
Influencer

Can you add the csv data and the search your're using to map it to your question?

0 Karma

chienly
New Member

Thanks for the followup Ziegfried!

I have following data indexed in a csv file with the _lat and _lng field but it still did not seem to pick up coordinates to plot on the graph?

Here's a sample:

store_number _lat _lng
8001 -71.385908 42.29663
9999 37.784132 -122.395913
47 42.307 -71.3989
50 42.4988879 -71.1211728

Does the number contain too many digits after the decimal or does the leading negative sign cause any issue?

Thanks again,
Chien

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...