Hi,
I am interested in plotting marine data from:
onto the google Maps app in Splunk as an example.
I'd like to know how to point Splunk at the right address.
It appears that your data will have fields named LAT
and LON
. Try this:
sourcetype=shipdata moresearchstuff
| eval _geo = tostring(LAT) + "," + tostring(LON)
This will create the _geo
field that the app expects.
To get the data into Splunk, you have many choices. You could set up a feed as they describe in the web page. Or you could use the data export function to retrieve the data into a file. Once you have the data in a file, you could upload it into Splunk using the Manager and Data Inputs. It will be easiest if you have already created a sourcetype
for your data. You could put the following lines in $SPLUNK_HOME/etc/system/local/props.conf
[shipdata]
BREAK_ONLY_BEFORE=\<row
TIME_PREFIX=TIMESTAMP\=\"
MAX_TIMESTAMP_LOOKAHEAD=30
TIME_FORMAT=%Y-%m-%dT%H:%M:%S
The fields will be extracted for you automatically. If you need more help than this, may I suggest the Getting Data In manual...
Thank you so much!!!
But how do I get splunk to index the data in the first place?