Dashboards & Visualizations

Map visualization is not available with Pivot. Is there an efficient workaround?

hsesterhenn
Path Finder

Hi,

just found out that there is no map visualization available if you use Pivot.

You can add attributes to get the geo location data from an IP address but you can't visualize it, currently.

Only workaround I see is the '| datamodel' command:

Example:

    | datamodel MyModel WebSales search | geostats latfield=WebSales.clientip_lat longfield=WebSales.clientip_long 
      sum(WebSales.price) by WebSales.product_id

This is a lot of typing... 😞

Any other idea?

Holger

0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi hsesterhenn,

here is a good tutorial for some other way to get a map using data model:

http://www.function1.com/2014/09/extending-the-power-of-pivot

tstats would be another command that could be used

hope that helps ...

cheers, MuS

View solution in original post

MuS
SplunkTrust
SplunkTrust

Hi hsesterhenn,

here is a good tutorial for some other way to get a map using data model:

http://www.function1.com/2014/09/extending-the-power-of-pivot

tstats would be another command that could be used

hope that helps ...

cheers, MuS

hsesterhenn
Path Finder

Well.

The first one is JS magic. Looks cool but not exactly my point.
And no map mantioned there?????

I was talking about the Splunk Pivot function which relies on a data model.

TStats... that's another option, indeed. Pipe this output to geostats.

But it's only working if you have accelerated the data model.

Would look like this:

| tstats .... | iplocation ip_field ... | geostats ... 

Turn it into a map.

Good idea. Still manual work 🙂

Thank you,

Holger

0 Karma

MuS
SplunkTrust
SplunkTrust

uppsss too many open tabs, so I pasted the wrong URL! Updated the answer to point to the correct URL. And yes, from the pivot editor you're not able to create a map directly 😞

0 Karma

hsesterhenn
Path Finder

Sorry, missed the edited link completely...

Cool stuff and tips... worth trying!

Thank you!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...