Getting Data In

Plot data from TCP to Google Maps

streddy
Explorer

Hi,

I am interested in plotting marine data from:

http://www.marinetraffic.com/ais/exportraw.aspx?id=1234567890&protocol=xml&msgtype=extended&timespan...

onto the google Maps app in Splunk as an example.

I'd like to know how to point Splunk at the right address.

Tags (2)
0 Karma

lguinn2
Legend

It appears that your data will have fields named LAT and LON. Try this:

sourcetype=shipdata moresearchstuff
| eval _geo = tostring(LAT) + "," + tostring(LON)

This will create the _geo field that the app expects.

To get the data into Splunk, you have many choices. You could set up a feed as they describe in the web page. Or you could use the data export function to retrieve the data into a file. Once you have the data in a file, you could upload it into Splunk using the Manager and Data Inputs. It will be easiest if you have already created a sourcetype for your data. You could put the following lines in $SPLUNK_HOME/etc/system/local/props.conf

[shipdata]
BREAK_ONLY_BEFORE=\<row
TIME_PREFIX=TIMESTAMP\=\"
MAX_TIMESTAMP_LOOKAHEAD=30
TIME_FORMAT=%Y-%m-%dT%H:%M:%S

The fields will be extracted for you automatically. If you need more help than this, may I suggest the Getting Data In manual...

0 Karma

streddy
Explorer

Thank you so much!!!

0 Karma

streddy
Explorer

But how do I get splunk to index the data in the first place?

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...