Cluster maps
Use the cluster map visualization to plot aggregated values on a map.
Data formatting
To generate a cluster map, use the geostats
command. The geostats
command generates events that include latitude and longitude coordinates for markers. It is similar to the stats
command, but provides options for zoom levels and cells for mapping.
For more information, see geostats in the Search Reference.
Configuration options
Use the Format menu to adjust the following cluster map components.
- Tile appearance and source
- Cluster marker appearance
- Zoom on scroll behavior
Example
The following search generates a map showing California earthquakes of magnitude greater than 3 for the past 30 days.
index=main mag>3 | geostats latfield=latitude longfield=longitude count
When a user clicks on a cluster indicating earthquake data, a search launches using the latitude and longitude boundaries of that cluster.
index=main mag>3 | search latitude>=36.21094 latitude<36.56250 longitude>=-122.34375 longitude<-121.64062
Use IP addresses to generate a choropleth map | Tutorial overview |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2203, 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!