Geostats display custom column

rsokolova · ‎05-07-2019

Thanks in advance. I'm struggling trying to display the amount of requests per zip code however its just showing the amount of zip codes.

Search:
index=soa source="export.csv" host="misssplunksh01.corp.rndc-usa.com" index="soa" sourcetype="csv"
| geostats latfield=GEO_LAT longfield=GEO_LONG sum(TOTAL_SALES) by Zip

How the data looks like:

How the map looks like.

Please let me know if something is unclear , thanks again

woodcock · ‎07-06-2019

Check out the geo-based examples in the Splunk Dashboard Examples app:
https://splunkbase.splunk.com/app/1603/

quantum_view · ‎05-07-2019

Try;
|stats values(TOTAL_SALES) as "Total Sales" by Zip
Sum grabs the total of all field values while stats values grabs the each key of each value and outputs them. Let me know the news pls.

MuS · ‎05-07-2019

Please add the SPL you used to create the table/map.

cheers, MuS

rsokolova · ‎05-07-2019

Thanks for helping @MuS , I've added the search to the main post.... Also tried using count , without by clause and using other app which is called maps for splunk but no luck so far.

MuS · ‎05-07-2019

Have you tried:

| geostats latfield=GEO_LAT longfield=GEO_LONG count(request_field_name) AS requests by Zip

rsokolova · ‎05-07-2019

@MuS , just tried but didn't work.

MuS · ‎05-07-2019

Can you please add some anonymised event samples?

Geostats display custom column

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!