Splunk Search

Extracting geo data from zip codes with a static csv and lookups

jbertoli
Engager

I have some data in Splunk with zip code. I would like to be able to map this using the Google Maps app. I have added a csv file with the following format:

    zipcode,state,city,longitude,latitude
    80809,CO,NORTH POLE,-104.993684,38.921314

I have edited props.conf, transforms.conf etc:

When I perform a search on the maps app using geonormalize, the georesults view shows that values for geo_position have been resolved. The values in geo_position are no longer negative for longitude, and latitude and longitude are reversed. The map does not show the results. Example command follows:

    sourcetype="syslog" host=192.168.1.1 | rex field=_raw "\"(?<zipcode>\d{5})\"" | regex zipcode="^8" | lookup zipcode zipcode OUTPUT latitude,longitude,city,state | geonormalize

Any help would be most appreciated.
Many thanks


mcdowes
Engager

I have a similar need to plot based on a zipcode that is already in Splunk. I'm not much of a Splunk Guru but I was able to make it work using an automatic lookup.

Query: A4 OR A5 OR A6 OR A8 | geonormalize

Lookup input fields
ZipCode = ZipCode

Lookup output fields
lat = lat
lng = lng

Lookup table
ZipCode,lat,lng
80809,38.921314,-104.993684
60047,42.1969444,-88.0933333
T2E 0B2,51.1,-114.1

My Data

    Model=A6 Price=27000 ZipCode=80809
    Model=A6 Price=27000 ZipCode=60047
    Model=A8 Price=19000 ZipCode=80809
    Model=A8 Price=19000 ZipCode=60047
    Model=A8 Price=35000 ZipCode=80809
    Model=A8 Price=35000 ZipCode=60047
    Model=A5 Price=35000 ZipCode=60047
    Model=A4 Price=28808 ZipCode='T2E 0B2'
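
An added example, not from either poster and not Splunk code: a Python check that reads a lookup CSV in the first post's column order by header name, rewrites it in the `ZipCode,lat,lng` layout the second post reports working, and flags coordinates that are swapped or out of range. The sample rows, the function names and the third row's values are constructed for illustration.

```python
import csv
import io

# Constructed sample: header and first row as in the first post, second row
# built from the second post's table, third row deliberately entered with
# latitude and longitude in the wrong columns.
SAMPLE = """zipcode,state,city,longitude,latitude
80809,CO,NORTH POLE,-104.993684,38.921314
60047,IL,SAMPLE,-88.0933333,42.1969444
00000,XX,SWAPPED,38.921314,-104.993684
"""

def normalize_lookup(text):
    """Return (rows, warnings); rows are ZipCode/lat/lng dicts read by header name."""
    rows, warnings = [], []
    for n, rec in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        lat_s, lng_s = rec["latitude"].strip(), rec["longitude"].strip()
        try:
            lat, lng = float(lat_s), float(lng_s)
        except ValueError:
            warnings.append(f"line {n}: non-numeric coordinate, skipped")
            continue
        # A latitude beyond +/-90 cannot exist, so the columns must be swapped.
        # A swap is only provable this way when the true longitude exceeds 90.
        if abs(lat) > 90 and abs(lng) <= 90:
            lat, lng, lat_s, lng_s = lng, lat, lng_s, lat_s
            warnings.append(f"line {n}: latitude/longitude swapped, corrected")
        if abs(lat) > 90 or abs(lng) > 180:
            warnings.append(f"line {n}: coordinates out of range, skipped")
            continue
        # Keep the original text of each number so no precision or sign is lost.
        rows.append({"ZipCode": rec["zipcode"].strip(), "lat": lat_s, "lng": lng_s})
    return rows, warnings

def to_csv(rows):
    """Serialize rows as a lookup table with the header ZipCode,lat,lng."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["ZipCode", "lat", "lng"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    fixed, notes = normalize_lookup(SAMPLE)
    print(to_csv(fixed), end="")
    print("\n".join(notes))
```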