Dashboards & Visualizations

Why do my location lookups consolidate to one lat/long event on my heat map?

ajobling1964
New Member

I have a dataset of events around a particular city which I wish to represent on a heat map. I have a lookup to each latitude and longitude, but when I try and produce a map it seems to combine all the events into 1 lat and long location.
How can I drill down further?

my search code looks like

index=edisyslogdata exEventType="Area Change" streetName!=NULL | lookup EdiStreetAssets StreetAsset as apId | table apId, streetName, lat, long | geostats latfield=lat longfield=long count BY apId
0 Karma

dhirendra761
Contributor

Your dataset of events are too near to each other . Try to use below. This app will be helpful:
https://splunkbase.splunk.com/app/3124/

0 Karma

ab81428
Path Finder

I hope its because of restriction no of Clusters
By default It will be 100, change it to 10000 or 100000 & check it.

It's works for me,

In Source XML:

option name="mapping.data.maxClusters">100000/option>

ab81428
Path Finder

@ajobling1964 - did you get a chance to check with above option..

0 Karma

ajobling1964
New Member

thanks - I have experimented with various combinations of cluster and binspanlat and binspanlong settings. The latest results in my clusters appear momentarily and then disappearing!
I guess what I'm really after is decent documentation and examples of code for heat maps (over a time period) and cluster maps.

0 Karma

niketn
Legend

@ajobling1964, you can use mapping.map.zoom and mapping.map.center to set initial location/zoom for the visualization on loading. You can use scroll to zoom in and zoom out(provided scroll zoom is enabled through Edit > Format option) or else through mapping.map.scrollZoom

Chech out Splunk documentation for Map Simple XML configuration reference: http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

niketn
Legend

@ajobling1964, are you using built in map or some other custom visualization app which plot map?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

ajobling1964
New Member

It's the open street map which is one of the preset configurations on the Tiles tab.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...