Does anyone know if/how you can create a choropleth map in Splunk using state abbreviations? I have been trying the following search but to no avail.
index=traffic sourcetype="traffic_logs" | stats count(id) | geom geo_us_states featureIdField=driver_state gen=0.1 min_x=-130.5 min_y=37.6 max_x=-130.1 max_y=37.7
I ended up editing my lookup to use the full state name. You could also use a lookup in the search to change the state name from the abbreviation to the full state name.