Splunk Search

How do I display shops performance data with Google Maps?

tenyang
New Member

Hi all,

I am new to the Splunk world. Currently, I want to display the performance of shops with Google Maps, and I am not sure how to finish this.

I have all the performance events from the Splunk server, and an event looks like the one below. I also uploaded a lookup table with all the information about the shops. Now I want to show the mount_name in red if there has been no data reported for the latest 24 hours, and normal ones in green. Since every event is sent by a mount, and each event also includes shop_name, I want to use the lookup table to indicate the shop location. May I know if it is possible? If yes, how do I achieve this goal?

Thanks in advance.

Event:

Jun 16 2015 09:00:00 app_id="84acfc1640a14da8a9c3b2a898940ac9" app_name="KungFu_Lifebuoy" app_version="26.0.0" attract_duration="5" attract_exit_by_menu_button="0" campaign_end="2037-03-31" campaign_id="2e7c105a0b5e47aca1142b0eaeba411e" campaign_name="Guardian_all_Lifebuoy" campaign_start="2015-02-01" display_count="18" display_duration="625" game_lost="0" game_win="1" geoloc_city="Singapore" geoloc_country="Singapore" interaction_count="2" loading_duration="137" mount_description="MountLocation-Dental Care  /S1" mount_id="05df45400f8c11e5870e0647ae8d6515" mount_name="Guardian 1KM 1" mount_tags="MountLocation-Dental, Singapore, Release_Batch_4" phone_input_count="0" phone_input_duration="0" play_count="2" play_duration="35" record_duration="3600" reward_exit_by_menu_button="1" reward_exit_by_sms_send="0" reward_idle_duration="14" reward_interaction_count="1" reward_interaction_duration="9" router_count="0" score_duration="6" shop_description="Add: 11 Tanjong Katong Road B1-19_20 S437157" shop_id="f7aa03e5d88811e4a4510a3fe87d2201" shop_name="Guardian 1KM (1KM)" shop_tags="Guardian-1KM, xwalk-library, AreaLocation-Commercial-Area, OutletLocation-Shopping-Mall, MassRebootTarget, Guardian, ZoneLocation-East, LIVE" skipped_score_count="1" started_by_menu="1" sum_game_progression="192" timezone_id="Asia/Singapore" timezone_offset="28800000" tutorial_duration="9"

Search for no data reporting:

interaction_count="*" | stats latest(_time) AS lastReportTime BY mount_name | eval silenceSeconds = now() - lastReportTime | eval silenceHour = silenceSeconds/3600 | where silenceHour > 24 | table mount_name, silenceHour | eval silenceHour = round(silenceHour,1) | sort -silenceHour

Lookup table:

shop_name                               No. of Tablets   latitude   longitude
Guardian 1KM (1KM)                      1                1.31523    103.894722
Guardian Amara Hotel Tower (AMH)        2                1.275149   103.84357
Guardian Ang Mo Kio Blk 449 (A449)      1                1.368107   103.856057
Guardian Ang Mo Kio Blk 531 (A531)      1                1.373705   103.85437
0 Karma

mporath_splunk
Splunk Employee

The new Splunk 6.3 introduced Choropleth Maps as a new visualization type, and Geospatial Lookups as a new lookup type.
You can create your own geospatial lookup (e.g. based on the shops or buildings) by uploading a KMZ that contains the specific boundaries.

If OpenStreetMap contains too much noise on high zoom levels, you can provide an alternative tile set to be used in the background of the map. This external page provides an extensive list of alternative tile providers.

Find more information on Choropleth Maps and Geospatial Indexes in the Splunk Docs for 6.3.

0 Karma

fdi01
Motivator
0 Karma

tenyang
New Member

Thanks for your reply, Fdi01. Currently my search command is below:

interaction_count | stats sum(interaction_count) as interactions by shop_name | lookup singapore.csv shop_name OUTPUT latitude AS lat longitude AS lon | search lat="" lon="" | geostats maxzoomlevel=11 globallimit=0 sum(interactions) by shop_name

It can show OpenStreetMap, but the colour is quite hard to identify. Could you please let me know how to set the display colour of the map?

Thanks again.

0 Karma

tenyang
New Member

Could anyone help me on this question?

0 Karma
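
One way to combine the silence search and the shop lookup from the question into a single map search, as an added example that is not part of the original thread or a reply from any participant. It assumes the lookup file is `singapore.csv` as in the later post, a 7-day search window (the window must be longer than 24 hours, and a mount with no events at all in the window will not appear), and `status` values `silent` and `reporting`, which are names chosen here.

```spl
interaction_count="*" earliest=-7d
| stats latest(_time) AS lastReportTime BY mount_name, shop_name
| eval silenceHour = round((now() - lastReportTime) / 3600, 1)
| eval status = if(silenceHour > 24, "silent", "reporting")
| lookup singapore.csv shop_name OUTPUT latitude AS lat longitude AS lon
| where isnotnull(lat) AND isnotnull(lon)
| geostats latfield=lat longfield=lon maxzoomlevel=11 globallimit=0 count BY status
```

Each marker then shows how many mounts at that location are `silent` versus `reporting`. The colours of the two series can be set in the dashboard's Simple XML with the `mapping.fieldColors` option, for example `{silent:0xFF0000,reporting:0x00FF00}`, on Splunk versions that support it.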