All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Geostats Mapping

leonards1
Explorer
‎07-18-2018 10:43 AM

I have a json array of movement data coming in with multiple lat and long values and am having difficulty plotting this movement on a map.

I am able to get these to plot as a single point when I have only one lat/long combination in the event, however when there are multiples as in the below example (in markers{}), I lose the visualization.

Incoming data example:

{   
     date_start:     1531698100.179007  
     date_update:    1531698291.081359  
     markers:   [
        {
         date:   1531698136.120904  
         latitude:   27.411273  
         longitude:  -82.505357     
        }   
        {
         date:   1531698140.102953  
         latitude:   27.411935  
         longitude:  -82.505325 
        }   
    ]   
     total_distance_in_meters:   2470   
     total_time_minutes:     2.5999695122241966 
    ]   
}

I am using the below. The mvexpand breaks the single event into 2 based on the date creates 2 separate events, which I believe is what I need to do however they just don't plot:

index="myindex" source="mysource.json" 
| mvexpand markers{}.date
| geostats latfield=markers{}.latitude longfield=markers{}.longitude count

Where am I going wrong here?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...