Create a new geospatial lookup
Use your geographic feature collection file to create a new geospatial lookup in Splunk Web. For more information about geospatial lookups, see Define a geospatial lookup in Splunk Web in the Knowledge Manager Manual.
Prerequisites
- Locate and download USDM data
- Upload and configure your data
- Download a California counties shapefile
Upload the lookup file
Follow these steps to upload your geospatial feature collection file in Splunk Web:
- Unzip the
ca_counties.kmz.zipfile you downloaded in the previous step. - Navigate to Settings > Lookups.
- Under Lookup table files, click + Add new.
- Ensure the Destination app is set to Search.
- Under Upload a lookup file, click Choose File and select
ca_counties.kmz. - Under Destination filename, enter
ca_counties.kmz.
Configure the geospatial lookup
Follow these steps to configure your new geospatial lookup in Splunk Web:
- Click Settings > Lookups and click + Add new under Lookup definitions.
- Ensure the Destination app is set to Search.
- Under Name, enter
ca_county_lookup. - Under Type, select Geospatial.
- Under Lookup file, select the
ca_counties.kmzfile you just uploaded. - Leave Feature Id Element blank, because this file includes the county name under the default
Placemark/namein the .kml file. See The Feature Id Element field in the Knowledge Manager manual for more information about XML path expressions in geospatial lookups. - Click Save.
- (Optional) Test your geospatial lookup file.
- In the Search & Reporting app search bar, run the following search:
| inputlookup ca_county_lookup
If no results appear, try expanding the time range of the search. - Verify that the
featureIdfield contains one row per county, and that thegeomfield contains polygons and their coordinates. Your search results table should look like the following example:count featureCollection featureId geom 0 ca_county_lookup Alameda {"type":"MultiPolygon","coordinates":[[[[-122.31109619140625, 37.8634033203125],[-122.31109619140625, 37.8634033203125]]]]} 0 ca_county_lookup Alpine {"type":"MultiPolygon","coordinates":[[[[-119.93537902832031, 38.8084831237793],[-119.93537902832031, 38.8084831237793]]]]} 0 ca_county_lookup Butte {"type":"MultiPolygon","coordinates":[[[[-121.63543701171875, 40.000885009765625],[-121.63543701171875, 40.000885009765625]]]]} 0 ca_county_lookup Calaveras "type":"MultiPolygon","coordinates":[[[[-120.21088409423828, 38.500003814697266],[-120.21088409423828, 38.500003814697266]]]]} - Select the Visualization tab and set the visualization type to Choropleth Map.
- Zoom to California by clicking the + button or double-clicking the map and verify that the county polygons are displaying properly.
- In the Search & Reporting app search bar, run the following search:
Next step
| Download a California counties shapefile | Generate a choropleth map |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1, 8.1.0, 8.1.10, 8.1.11, 8.1.12
Download manual
Feedback submitted, thanks!