Answers for "Find the Distance Between Two or More Geolocation Coordinates"
https://answers.splunk.com/answers/90694/find-the-distance-between-two-or-more-geolocation-coordinates.html
The latest answers for the question "Find the Distance Between Two or More Geolocation Coordinates"Answer by MuS
https://answers.splunk.com/answering/568450/view.html
Hi there,
fast forward into the future, we can do the *great circle formula* in Splunk now.
This example will provide the expected result:
| makeresults
| eval lat1=1, lon1=1, lat2=2, lon2=2
| eval rlat1 = pi()*lat1/180, rlat2=pi()*lat2/180, rlat = pi()*(lat2-lat1)/180, rlon= pi()*(lon2-lon1)/180
| eval a = sin(rlat/2) * sin(rlat/2) + cos(rlat1) * cos(rlat2) * sin(rlon/2) * sin(rlon/2)
| eval c = 2 * atan2(sqrt(a), sqrt(1-a))
| eval distance = 6371 * c
| table lat1 lon1 lat2 lon2 distance
`distance` will be the distance in `km`.
Hope this helps ...
cheers, MuSMon, 04 Sep 2017 21:14:30 GMTMuSAnswer by Damien Dallimore
https://answers.splunk.com/answering/100239/view.html
There is a [Haversine add-on on Splunkbase][1] that should do the trick for you.
[1]: http://apps.splunk.com/app/936Fri, 23 Aug 2013 07:17:57 GMTDamien DallimoreAnswer by rgonzale6
https://answers.splunk.com/answering/100172/view.html
I'm working on a similar query and I much appreciate what you've both done here. I've worked up this:
| lookup geoip clientip |dedup userID, client_city| eval location=clientip."- ".client_city.", ".client_region.", ".client_country| stats last(client_lat) as Lat1, last(client_lon) as Lon1, first(client_lat) as Lat2, first(client_lon) as Lon2, values(location) dc(client_city) as distinctCount by userID| where distinctCount = 2 | eval distance=sqrt(pow(Lat1-Lat2,2)+pow(Lon1-Lon2,2))|sort distance desc
I've gotten it to work when a user has had 2 different IPs. using first & last precludes more though. Still trying to work on that.Thu, 22 Aug 2013 20:13:27 GMTrgonzale6Answer by sideview
https://answers.splunk.com/answering/90949/view.html
The pythagorean theorem is a good approximation only for shorter distances. If you're actually dealing with pretty big distances you have to break out some trig functions and calculate great circle distance. http://en.wikipedia.org/wiki/Great-circle_distance
And since eval can't do trig functions ( see http://splunk-base.splunk.com/answers/26399/can-eval-evaluate-cosines ) that would lead you back to a custom search command again.
However, if your distances are all short enough, then what you propose just needs to be plugged into eval.
`| eval distance=sqrt(pow(src_ip_latidude1-src_ip_latidude2,2)+pow(src_ip_longitude1-src_ip_logitude2,2))`
Once that eval clause gives you that field called distance on your rows, you can do whatever you want with it.Tue, 11 Jun 2013 06:57:26 GMTsideview