How to plot multiple coordinates from a CSV file on a Splunk map to embed in a dashboard?

qiaojing
Path Finder

Hi,

I'm trying to plot all carpark locations on the Splunk Map. I have a lookup CSV file with the following columns:

CPK_ID, Latitude, Longitude

I do not have the lat and lon data inside the Splunk environment, so I'm trying to match the CPK_ID in the CSV file with that in the event.

... | lookup cpk_coord_lookup NUM_CPK as NUM_CPK | geostats latfield=NUM_LATD longfield=NUM_LNGTD count

However, I'm unable to plot all the carpark locations on the Splunk Map.

Any idea what I can do? E.g. using OpenStreetMap or Google Maps? Eventually I would want to embed it into the normal Splunk dashboard.

Thank you very much! 🙂

0 Karma
1 Solution

MuS
SplunkTrust

Hi qiaojing,

If your lookup contains the following header CPK_ID, Latitude, Longitude, you should use Latitude and Longitude in the geostats command as well:

 ... | lookup cpk_coord_lookup NUM_CPK as NUM_CPK | geostats latfield=Latitude longfield=Longitude count by CPK_ID

Also check the event field name and the lookup field name for the carpark number, as you use NUM_CPK but mention the lookup header CPK_ID.

There is no need for the above-mentioned app; this was used in older Splunk releases to get mapping working.

Hope this helps ...

cheers, MuS
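
An added example, not part of MuS's post: the field-name check described above, written as two searches. It assumes the lookup header is CPK_ID, Latitude, Longitude as given in the question, that the event field is NUM_CPK, and that "..." stands for the base search. The first search counts events whose carpark number found no coordinates in the lookup; the second plots only the matched ones.

```spl
... | lookup cpk_coord_lookup CPK_ID AS NUM_CPK OUTPUT Latitude Longitude
    | eval coord_status=if(isnull(Latitude) OR isnull(Longitude), "no_match", "matched")
    | stats count AS events dc(NUM_CPK) AS carparks BY coord_status

... | lookup cpk_coord_lookup CPK_ID AS NUM_CPK OUTPUT Latitude Longitude
    | where isnotnull(Latitude) AND isnotnull(Longitude)
    | geostats latfield=Latitude longfield=Longitude count by NUM_CPK
```

If the first search returns only no_match rows, the lookup field name or its values do not line up with the event field, and geostats has nothing to plot.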

qiaojing
Path Finder

Hi, thanks for your answer. Sorry, I just realised the naming of the CSV that I posted previously was wrong. It's supposed to be NUM_CPK, NUM_LATD, NUM_LNGTD.

I managed to plot the points onto the Splunk Map. However, I realised something strange: the map shown in the search query (using Verbose Mode) has a lot more points (100+ pts) plotted than the one I saved to the dashboard (30 pts). It seems like some points were not displayed after saving to the dashboard.

Any idea why this is so?

0 Karma

MuS
SplunkTrust

Look at the base search (everything before the first | ) used in the dashboard and try to re-use it.

0 Karma

qiaojing
Path Finder

Sorry, what do you mean by re-using it?

My entire search is
sourcetype="UDBCUNIT.TF_PRKNG_MVMNT" | lookup cpk_coord_lookup NUM_CPK as NUM_CPK OUTPUT NUM_LNGTD, NUM_LATD | geostats latfield=NUM_LATD longfield=NUM_LNGTD maxzoomlevel=18 globallimit=0 count by NUM_CPK

0 Karma

MuS
SplunkTrust

You asked why it shows a different set of results.
If both searches are the same, check the time range used for the search or the dashboard. Not to forget, the zoom level will also affect the number of shown results.

0 Karma

qiaojing
Path Finder

Okay, I will try again, thank you 🙂

0 Karma

splunkdevabhi
Explorer

Hi,

You may try using Splunk Add-on for Google Maps
https://splunkbase.splunk.com/app/368/

0 Karma

qiaojing
Path Finder

But how do I put Google Maps inside the normal Splunk dashboard without Advanced XML?

0 Karma