Splunk Cloud Platform

Dashboards and Visualizations with Simple XML

Cluster maps

Use the cluster map visualization to plot aggregated values on a map.


Data formatting

To generate a cluster map, use the geostats command. The geostats command generates events that include latitude and longitude coordinates for markers. It is similar to the stats command, but provides options for zoom levels and cells for mapping.

For more information, see geostats in the Search Reference.

Configuration options

Use the Format menu to adjust the following cluster map components.

  • Tile appearance and source
  • Cluster marker appearance
  • Zoom on scroll behavior


The following search generates a map showing California earthquakes of magnitude greater than 3 for the past 30 days.

index=main mag>3 | geostats latfield=latitude longfield=longitude count


When a user clicks on a cluster indicating earthquake data, a search launches using the latitude and longitude boundaries of that cluster.

index=main mag>3 | search latitude>=36.21094 latitude<36.56250 longitude>=-122.34375 longitude<-121.64062
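
The same earthquake cluster map written as Simple XML source, as an added example that is not part of the original documentation. It sets the 30-day time range and the tile, marker, and scroll-zoom components that the Format menu adjusts. The label, title, map center, zoom level, opacity, and marker sizes are constructed sample values.

```xml
<dashboard>
  <!-- Label and title text are constructed for this example -->
  <label>Earthquake cluster map</label>
  <row>
    <panel>
      <map>
        <title>Earthquakes above magnitude 3, past 30 days</title>
        <search>
          <!-- ">" is written as &gt; inside the XML source -->
          <query>index=main mag&gt;3 | geostats latfield=latitude longfield=longitude count</query>
          <!-- The time range lives on the search element, not in the query -->
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>

        <!-- Cluster (marker) map rather than choropleth -->
        <option name="mapping.type">marker</option>

        <!-- Initial view: constructed values roughly centered on California -->
        <option name="mapping.map.center">(37,-120)</option>
        <option name="mapping.map.zoom">6</option>

        <!-- Zoom on scroll behavior -->
        <option name="mapping.map.scrollZoom">false</option>

        <!-- Tile appearance -->
        <option name="mapping.tileLayer.tileOpacity">0.8</option>

        <!-- Cluster marker appearance (sizes in pixels) -->
        <option name="mapping.markerLayer.markerOpacity">0.8</option>
        <option name="mapping.markerLayer.markerMinSize">10</option>
        <option name="mapping.markerLayer.markerMaxSize">50</option>

        <!-- Clicking a cluster launches the bounded latitude/longitude search -->
        <option name="drilldown">all</option>
      </map>
    </panel>
  </row>
</dashboard>
```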

Last modified on 23 March, 2017

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 8.2.2203, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312, 9.2.2403
