Related Answers
Download topic as PDF
Cluster maps
Use the cluster map visualization to plot aggregated values on a map.
Data formatting
To generate a cluster map, use the geostats command. The geostats command generates events that include latitude and longitude coordinates for markers. It is similar to the stats command, but provides options for zoom levels and cells for mapping.
For more information, see geostats in the Search Reference.
Configuration options
Use the Format menu to adjust the following cluster map components.
- Tile appearance and source
- Cluster marker appearance
- Zoom on scroll behavior
Drilldown
You can also enable or disable cluster map drilldown in the Format menu.
Cluster map drilldown lets users open a secondary search by clicking on a map cluster. The secondary search uses the geographic boundaries of the selected cluster.
Example
The following search generates a map showing California earthquakes of magnitude greater than 3 for the past 30 days.
index=main mag>3 | geostats latfield=latitude longfield=longitude count
When a user clicks on a cluster indicating earthquake data, a search launches using the latitude and longitude boundaries of that cluster.
index=main mag>3 | search latitude>=36.21094 latitude<36.56250 longitude>=-122.34375 longitude<-121.64062
|
PREVIOUS Configure a Choropleth map |
NEXT Dashboard overview |
This documentation applies to the following versions of Splunk® Enterprise: 6.5.7
Feedback submitted, thanks!