Splunk Search

Heat map using a zip code

dbcase
Motivator

Hi,

I have the below data in a csv file. I'd like to create a heat map with the count(zip_code) number inside the marker. Any thoughts on how I would go about this? Many thanks!!!

ZIP_CODE    COUNT(ZIP_CODE) LAT Long
89148   1052    36.06   -111.87
85255   924 33.66   -111.94
85254   799 33.61   -112.24
85383   787 33.76   -112.18
85308   672 33.66   -97.76
73099   666 35.51   -76.3
23320   656 36.67   -111.89
85260   654 33.61   -76.04
23456   644 36.73   -115.13
89031   636 36.27   -76.04
23464   629 36.73   -95.78
74012   615 36.03   -97.41
73013   601 35.67   -115.04
89012   586 36  -76.04
23462   569 36.73   -97.51
0 Karma

DalJeanis
SplunkTrust
SplunkTrust

Try something like this...

 index="cox_heatmap" sourcetype="csv"
| rename 'COUNT(ZIP_CODE)' as mycount
|geostats globallimit=0 latfield=LAT longfield=LONG sum(mycount) as TheCount by ZIP_CODE
0 Karma

dbcase
Motivator

Still kinda stuck even after changing my data set. The new data set looks like this. Just took out the count of the zip code. So if there are 100 90210 zip codes instead of summarizing them I just left all 100 in the data set and let splunk count them by the below query and still no luck

index="cox_heatmap" sourcetype="csv"|geostats globallimit=0 latfield=LAT longfield=LONG count by ZIP_CODE

ZIP_CODE    LAT LONG
85629   31.91   -110.9
85742   32.43   -111.03
85629   31.91   -110.9
85710   32.22   -110.82
85747   32.1    -110.68
85730   32.17   -110.79
85713   32.19   -110.98
85713   32.19   -110.98
85747   32.1    -110.68
85641   31.95   -110.69
85756   32.07   -110.92
85705   32.26   -111
85756   32.07   -110.92
85629   31.91   -110.9
85629   31.91   -110.9
85745   32.25   -111.08
85730   32.17   -110.79
85756   32.07   -110.92
85756   32.07   -110.92
85050   33.69   -112
85085   33.75   -112.14
85382   33.65   -112.24
85345   33.57   -112.25
85008   33.46   -111.98
85748   32.21   -110.75
85629   31.91   -110.9
85713   32.19   -110.98
85712   32.25   -110.87
85712   32.25   -110.87
85629   31.91   -110.9
85710   32.22   -110.82
85710   32.22   -110.82
85745   32.25   -111.08
0 Karma

dbcase
Motivator

I've tried this query and its close but not quite. The zipcode count column totals to just over 150K and when using this query the values in the heat map only total about 3500.

index="cox_heatmap" sourcetype="csv"| geostats globallimit=0 latfield=LAT longfield=Long count by COUNT_ZIP_CODE
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...