Dashboards & Visualizations

Map visualization is not available with Pivot. Is there an efficient workaround?

hsesterhenn
Path Finder

Hi,

just found out that there is no map visualization available if you use Pivot.

You can add attributes to get the geo location data from an IP address but you can't visualize it, currently.

Only workaround I see is the '| datamodel' command:

Example:

    | datamodel MyModel WebSales search | geostats latfield=WebSales.clientip_lat longfield=WebSales.clientip_long 
      sum(WebSales.price) by WebSales.product_id

This is a lot of typing... 😞

Any other idea?

Holger

0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi hsesterhenn,

here is a good tutorial for some other way to get a map using data model:

http://www.function1.com/2014/09/extending-the-power-of-pivot

tstats would be another command that could be used

hope that helps ...

cheers, MuS

View solution in original post

MuS
SplunkTrust
SplunkTrust

Hi hsesterhenn,

here is a good tutorial for some other way to get a map using data model:

http://www.function1.com/2014/09/extending-the-power-of-pivot

tstats would be another command that could be used

hope that helps ...

cheers, MuS

hsesterhenn
Path Finder

Well.

The first one is JS magic. Looks cool but not exactly my point.
And no map mantioned there?????

I was talking about the Splunk Pivot function which relies on a data model.

TStats... that's another option, indeed. Pipe this output to geostats.

But it's only working if you have accelerated the data model.

Would look like this:

| tstats .... | iplocation ip_field ... | geostats ... 

Turn it into a map.

Good idea. Still manual work 🙂

Thank you,

Holger

0 Karma

MuS
SplunkTrust
SplunkTrust

uppsss too many open tabs, so I pasted the wrong URL! Updated the answer to point to the correct URL. And yes, from the pivot editor you're not able to create a map directly 😞

0 Karma

hsesterhenn
Path Finder

Sorry, missed the edited link completely...

Cool stuff and tips... worth trying!

Thank you!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...