Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
All Apps and Add-ons
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Google Maps Add-on for Splunk Enterprise: How to c...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Google Maps Add-on for Splunk Enterprise: How to create a dashboard with results on a map?
kpavan
Path Finder
04-05-2016
05:37 AM
Hi,
I have installed Google Maps Add-on for Splunk Entperise in Splunk 6.3.2. In the add-on, when I run the search:
index=wineventlog sourcetype=wineventlog:security EventCode=4625 src_ip=* | geoip src_ip....
I am able to see the results in a map. With that result, I created a dashboard, but in the dashboard, I am unable to see the result in a map. It's only giving me the events. How can I achieve getting the results in a map instead of raw events?
Thanks!
Win_Auth_Failure
<panel>
<map>
<title>Auth Failure</title>
<search>
<query>index=wineventlog sourcetype=wineventlog:security EventCode=4625 src_ip=* | geoip src_ip</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="mapping.type">marker</option>
<option name="mapping.choroplethLayer.colorBins">5</option>
<option name="mapping.choroplethLayer.colorMode">auto</option>
<option name="mapping.choroplethLayer.maximumColor">0xDB5800</option>
<option name="mapping.choroplethLayer.minimumColor">0x2F25BA</option>
<option name="mapping.choroplethLayer.neutralPoint">0</option>
<option name="mapping.choroplethLayer.shapeOpacity">0.75</option>
<option name="mapping.choroplethLayer.showBorder">1</option>
<option name="mapping.data.maxClusters">100</option>
<option name="mapping.map.center">(0,0)</option>
<option name="mapping.map.panning">true</option>
<option name="mapping.map.scrollZoom">1</option>
<option name="mapping.map.zoom">2</option>
<option name="mapping.markerLayer.markerMaxSize">50</option>
<option name="mapping.markerLayer.markerMinSize">10</option>
<option name="mapping.markerLayer.markerOpacity">0.8</option>
<option name="mapping.showTiles">1</option>
<option name="mapping.tileLayer.maxZoom">19</option>
<option name="mapping.tileLayer.minZoom">0</option>
<option name="mapping.tileLayer.tileOpacity">1</option>
<option name="drilldown">all</option>
<option name="mapping.tileLayer.url">http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png</option>
</map>
</panel>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
04-05-2016
05:50 AM
Try this:
index=wineventlog sourcetype=wineventlog:security EventCode=4625 | stats count BY src_ip | geoip src_ip
Or maybe:
index=wineventlog sourcetype=wineventlog:security EventCode=4625 | stats count BY src_ip | lookup geo src_ip
Get Updates on the Splunk Community!
Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...
We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...
IM Landing Page Filter - Now Available
We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...
Dynamic Links from Alerts to IM Navigators - New in Observability Cloud
Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...
