Re: How do I modify my geostats search so my map s...

seetharamanss · ‎09-20-2016

Hello all,

I have an issue trying to visualize data on a map. Now, I'm trying to get the lat and long from a lookup and values of each field for the country, then, visualize it on the map.

Here is my data and in the map I want to show the Value of the field.

Maintenance: 38
MarketName: TAIWAN
NewAccounts: 32
Timestamp: 20160621
Type: 7

Here is my search:

some search | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts), values(Maintenance) by MarketName

Please advise where I'm missing out.

somesoni2 · ‎09-20-2016

Do you have more that one event/data for each country? If you see in the statistics tab, do you see all the fields being populated?

mporath_splunk · ‎09-20-2016

Without testing it I think you don't need the by MarketName in the end, since the clustering is already done through the lat/lon combination.
I'm also not sure if two aggregations would work here. Try with one first, and see if it works. Then add the second:

... | lookup country_lookup Country as MarketName,OUTPUT Latitude,Longitude | geostats latfield=Latitude longfield=Longitude  values(NewAccounts)

seetharamanss · ‎09-20-2016

Hi ,

I tried the option without by MarketName. I'm not seeing any thing in the MAP visualization. Is there anything which I need to include in the xml reference. Please advise.

cmoinet · ‎03-27-2019

Hi, is there an answer to this proboleme?

How do I modify my geostats search so my map shows the field values for each country based on latitude and longitude from a lookup?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?