Splunk® Enterprise

Dashboards and Visualizations

Splunk Enterprise version 8.1 will no longer be supported as of April 19, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Create a new geospatial lookup

Use your geographic feature collection file to create a new geospatial lookup in Splunk Web. For more information about geospatial lookups, see Define a geospatial lookup in Splunk Web in the Knowledge Manager Manual.

Prerequisites

Upload the lookup file

Follow these steps to upload your geospatial feature collection file in Splunk Web:

  1. Unzip the ca_counties.kmz.zip file you downloaded in the previous step.
  2. Navigate to Settings > Lookups.
  3. Under Lookup table files, click + Add new.
  4. Ensure the Destination app is set to Search.
  5. Under Upload a lookup file, click Choose File and select ca_counties.kmz.
  6. Under Destination filename, enter ca_counties.kmz.

Configure the geospatial lookup

Follow these steps to configure your new geospatial lookup in Splunk Web:

  1. Click Settings > Lookups and click + Add new under Lookup definitions.
  2. Ensure the Destination app is set to Search.
  3. Under Name, enter ca_county_lookup.
  4. Under Type, select Geospatial.
  5. Under Lookup file, select the ca_counties.kmz file you just uploaded.
  6. Leave Feature Id Element blank, because this file includes the county name under the default Placemark/name in the .kml file. See The Feature Id Element field in the Knowledge Manager manual for more information about XML path expressions in geospatial lookups.
  7. Click Save.
  8. (Optional) Test your geospatial lookup file.
    1. In the Search & Reporting app search bar, run the following search:

      | inputlookup ca_county_lookup


      If no results appear, try expanding the time range of the search.
    2. Verify that the featureId field contains one row per county, and that the geom field contains polygons and their coordinates. Your search results table should look like the following example:
      count featureCollection featureId geom
      0 ca_county_lookup Alameda {"type":"MultiPolygon","coordinates":[[[[-122.31109619140625, 37.8634033203125],[-122.31109619140625, 37.8634033203125]]]]}
      0 ca_county_lookup Alpine {"type":"MultiPolygon","coordinates":[[[[-119.93537902832031, 38.8084831237793],[-119.93537902832031, 38.8084831237793]]]]}
      0 ca_county_lookup Butte {"type":"MultiPolygon","coordinates":[[[[-121.63543701171875, 40.000885009765625],[-121.63543701171875, 40.000885009765625]]]]}
      0 ca_county_lookup Calaveras "type":"MultiPolygon","coordinates":[[[[-120.21088409423828, 38.500003814697266],[-120.21088409423828, 38.500003814697266]]]]}
    3. Select the Visualization tab and set the visualization type to Choropleth Map.
    4. Zoom to California by clicking the + button or double-clicking the map and verify that the county polygons are displaying properly.

Next step

Generate a choropleth map

Last modified on 01 August, 2019
Download a California counties shapefile   Generate a choropleth map

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.11, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 8.1.10, 8.1.12, 8.1.13, 8.1.14


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters