Extracting geo data from zip codes with a static c...

jbertoli · ‎12-01-2011

I have some data in splunk with zip code. I would like to be able to map this using the google maps app. I have added a csv file with the following format:
zipcode,state,city,longitude,latitude
80809,CO,NORTH POLE,-104.993684,38.921314

I have edited edited props.conf, transforms.conf etc:

When I perform a search on the maps app using geonormalize the georesults view shows values for geo_position have been resolved. The values in geo_position are no longer negative for longitude, and latitude and longitude are reversed. The map does not show the results. example command follows:
sourcetype="syslog" host=192.168.1.1 | rex field=_raw "\"(?\d{5})\"" | regex zipcode="^8" | lookup zipcode zipcode OUTPUT latitude,longitude,city,state | geonormalize

any help would be most appreciated.
grazie mille

mcdowes · ‎03-03-2012

I have a similar need to plot based on a zipcode that is already in splunk. I'm not much of a Splunk Guru but I was able to make it work using an automatic lookup.

Query: A4 OR A5 OR A6 OR A8 | geonormalize

Lookup input fields
ZipCode = ZipCode

Lookup output fields
lat = lat
lng = lng

Lookup table
ZipCode,lat,lng
80809,38.921314,-104.993684
60047,42.1969444,-88.0933333
T2E 0B2,51.1,-114.1

    My Data
    Model=A6 Price=27000 ZipCode=80809
    Model=A6 Price=27000 ZipCode=60047
    Model=A8 Price=19000 ZipCode=80809
    Model=A8 Price=19000 ZipCode=60047
    Model=A8 Price=35000 ZipCode=80809
    Model=A8 Price=35000 ZipCode=60047
    Model=A5 Price=35000 ZipCode=60047
    Model=A4 Price=28808 ZipCode=’T2E 0B2’

Extracting geo data from zip codes with a static csv and lookups

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life