
Usage of Splunk commands: GEOM

The geom command is used as follows:

  • The geom command adds a field called geom to every event.
  • The geom field contains geographic data for polygon geometry in JSON format.
  • This command is used to create choropleth map visualizations in Splunk.

The basic syntax of the geom command in Splunk is:

…| geom <featureCollection> [ featureIdField=<field-name> ]

The geom command takes several arguments; the important ones are described below.

  • featureCollection – Specifies the geographic lookup file that you want to look up against. By default, Splunk software provides two geographic lookup files:
    1) geo_countries
    2) geo_us_states
  • featureIdField – Use this argument if the event returns the featureId value in a field with a different name.

The contents of the geo_countries lookup file are shown below.


In the above image you can see that the featureCollection field contains the lookup file name (geo_countries) and the featureId field contains all the country names around the world. The geom field shows the geographic data for each country in JSON format. The data format is for polygon geometry.

Example :

index=_internal sourcetype=splunkd_ui_access
| iplocation clientip
| stats count by Country
| geom geo_countries featureIdField="Country"

Result :


Visualization :


Explanation :

In the above query, _internal is the index and splunkd_ui_access is the sourcetype. With the iplocation command we take the information for clientip from the MMDB database; clientip is an existing field in the _internal index. After the iplocation command we get City, Country, Region, lat and lon for the values of the clientip field. With the stats command we take the count by Country. Finally, we use the geom command to view the data in a choropleth map. Here geo_countries is the geographic lookup file name. We also use the featureIdField argument because, in these events, the featureId value is in a field with a different name, Country. That is why we give featureIdField="Country", to match the field values. The geom command shows the origin country of the data, and it is quite similar to the geostats command.
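The join that featureIdField controls can be modelled in a few lines of Python. This is an added example, not code from the original post or from Splunk: FEATURES, STATS_ROWS and geom_join are hypothetical names, the polygons and counts are constructed, and exact-string matching is an assumption of the model.

```python
import json

# Constructed stand-in for two rows of a geographic lookup (featureId -> polygon).
# Real geo_countries geometry is far more detailed; these rectangles are made up.
FEATURES = {
    "India": {"type": "Polygon",
              "coordinates": [[[68, 8], [97, 8], [97, 35], [68, 35], [68, 8]]]},
    "Germany": {"type": "Polygon",
                "coordinates": [[[6, 47], [15, 47], [15, 55], [6, 55], [6, 47]]]},
}


def geom_join(rows, features, collection="geo_countries",
              feature_id_field="featureId"):
    """Model of the join: attach a geom JSON string to rows whose
    feature_id_field value equals a featureId in the collection.

    Returns (joined_rows, unmatched_values). Exact-string matching is an
    assumption of this model, not a statement about Splunk internals.
    """
    joined, unmatched = [], []
    for row in rows:
        out = dict(row)
        key = row.get(feature_id_field)
        shape = features.get(key)
        if shape is None:
            unmatched.append(key)  # this row would have no polygon on the map
        else:
            out["featureCollection"] = collection
            out["geom"] = json.dumps(shape, separators=(",", ":"))
        joined.append(out)
    return joined, unmatched


# Constructed output of "| stats count by Country"
STATS_ROWS = [
    {"Country": "India", "count": 42},
    {"Country": "Germany", "count": 7},
    {"Country": "Deutschland", "count": 3},  # name not in the collection
]

if __name__ == "__main__":
    rows, missing = geom_join(STATS_ROWS, FEATURES, feature_id_field="Country")
    for r in rows:
        print(r["Country"], r["count"], "geom" in r)
    print("no polygon for:", missing)
```

Called with the default field name instead of feature_id_field="Country", the model finds no featureId value in any row and every row comes back unmatched, which is the situation the featureIdField argument addresses.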

Now you can effectively use the geom command in your daily work to meet your requirements!

Hope you are now comfortable with the usage of the Splunk command GEOM.

Happy Splunking !!

Passionate content developer dedicated to producing result-oriented content, a specialist in technical and marketing niche writing! Splunk Geek is a professional content writer with 6 years of experience and has been working for businesses of all types and sizes. It believes in offering insightful, educational, and valuable content, and its work reflects that.