To demonstrate I will use data from our Buttercup Games demo data, in particular the Access Combined web log data. Each event has an IP address and the product category, as well as much more data.

While there are a number of different ways to add location to data based on addresses, postal codes or other information, a surprisingly accurate way to get to a visitor's location is using IP addresses. First, much of the IT data collected will have an IP address, and second, Splunk comes with a handy dandy command that will assign latitude, longitude and other geographic data based on the IP address. The command is called iplocation, and more information about it can be found in Splunk's search command documentation. To add location, simply run this search (note that field names in Splunk are case-sensitive, so it is `sourcetype`, not `Sourcetype`):

```
sourcetype=access_combined_wcookie | iplocation clientip
```

I know, the results are underwhelming since it seems to do nothing. When we look more closely, we can see the real magic in play: iplocation extended the event data with some interesting fields (City, Country, Region, lat and lon). If I create a table we will see some of what was added:

```
sourcetype=access_combined_wcookie | iplocation clientip | table lat, lon, Country
```

Keep in mind that the location comes from the GeoIP database bundled with Splunk, so it is an approximation: the country is usually right, city-level results are rougher, and private or internal addresses get no location at all, so those events will simply be missing from the summaries below.

Pretty neat! Now we have some data we can use. For example, I can now get counts of downloads by country:

```
sourcetype=access_combined_wcookie | iplocation clientip | stats count by Country
```

And I can use this to make a nice column chart.

So now I can summarize my data, but what if I want to see where these downloads are coming from inside a country? Showing this on a map would be even cooler! No surprise that Splunk has some commands that will help you do this. The first command I will use is geostats:

```
sourcetype=access_combined_wcookie | iplocation clientip | geostats latfield=lat longfield=lon count
```

Splunk will now show me a top-level view of where the downloaders are coming from. It takes the thousands of individual locations and clusters them into smartly positioned locations for better analysis. The size of the dot represents the count of downloads. As you zoom in, these clusters will break up and reveal smaller, more local clusters.

Note: remember to select the correct visualization (Cluster Map) in the Visualization tab, otherwise you won't see the map.

Things get a little more interesting when you summarize the data on a particular field (I mean, the blue dots are nice but don't tell much of a story):

```
sourcetype=access_combined_wcookie | iplocation clientip | geostats latfield=lat longfield=lon count by categoryId
```

Instead of just the blue clusters, we can now see pie charts that reveal a breakdown of product category for each cluster.
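To make clear what each stage of that pipeline actually does to an event, here is an added example (not from the original post, and not Splunk code) that re-creates `iplocation`, `stats count by Country` and `geostats count by categoryId` offline in Python. The access_combined_wcookie lines, the GeoIP lookup table (RFC 5737 documentation prefixes mapped to invented countries and coordinates) and the 22.5 by 45 degree cell size used to imitate a zoomed-out cluster map are all constructed assumptions for the demonstration; the real command consults a GeoIP database and recomputes its cells per zoom level.

```python
"""Offline re-creation of `iplocation | stats count by Country | geostats`."""
import ipaddress
import math
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed access_combined_wcookie lines in the same layout as the Buttercup
# Games sample data; the addresses, paths, cookies and timestamps are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:36 -0700] "GET /category.screen?categoryId=STRATEGY HTTP/1.1" 200 1241 "http://www.buttercupgames.com/" "Mozilla/5.0" "JSESSIONID=SD0001"
198.51.100.9 - - [10/Oct/2023:13:56:01 -0700] "GET /category.screen?categoryId=ARCADE HTTP/1.1" 200 1288 "-" "Mozilla/5.0" "JSESSIONID=SD0002"
203.0.113.45 - - [10/Oct/2023:13:56:40 -0700] "GET /category.screen?categoryId=STRATEGY HTTP/1.1" 200 1190 "-" "Mozilla/5.0" "JSESSIONID=SD0003"
192.0.2.200 - - [10/Oct/2023:13:57:12 -0700] "GET /category.screen?categoryId=SHOOTER HTTP/1.1" 200 1199 "-" "Mozilla/5.0" "JSESSIONID=SD0004"
10.0.0.5 - - [10/Oct/2023:13:57:30 -0700] "GET /category.screen?categoryId=ARCADE HTTP/1.1" 200 1203 "-" "Mozilla/5.0" "JSESSIONID=SD0005"
"""

LOG_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d+)'
)

# Addresses no GeoIP database can place: RFC 1918 space and loopback.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed stand-in for the GeoIP database iplocation consults: RFC 5737
# documentation prefixes mapped to invented countries and coordinates.
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), {"Country": "United States", "lat": 37.77, "lon": -122.42}),
    (ipaddress.ip_network("203.0.113.0/24"), {"Country": "Germany", "lat": 52.52, "lon": 13.41}),
    (ipaddress.ip_network("192.0.2.0/24"), {"Country": "Japan", "lat": 35.68, "lon": 139.69}),
]


def parse_line(line):
    """Extract clientip and the categoryId query parameter, like Splunk's field extraction."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["categoryId"] = parse_qs(urlparse(ev["uri"]).query).get("categoryId", [None])[0]
    return ev


def iplocation(ip):
    """Return Country/lat/lon for an address, or None when there is no answer."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in NON_ROUTABLE):
        return None
    for net, geo in GEO_TABLE:
        if addr in net:
            return dict(geo)
    return None


def enrich(log_text):
    """`... | iplocation clientip`: parse each line and add the geo fields when known."""
    events = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        geo = iplocation(ev["clientip"])
        if geo:
            ev.update(geo)          # event keeps flowing even with no location
        events.append(ev)
    return events


def stats_count_by(events, field):
    """`... | stats count by <field>`; events without the field drop out, as in Splunk."""
    return Counter(ev[field] for ev in events if ev.get(field) is not None)


def geostats(events, by=None, binspanlat=22.5, binspanlong=45.0):
    """`... | geostats count [by <field>]`: bucket located events into lat/lon cells.

    The cell size is an assumption chosen to mimic a zoomed-out cluster map.
    Each cell maps to a Counter: {"count": n} without `by`, or a per-value
    breakdown with `by` (what the map renders as a pie chart).
    """
    cells = defaultdict(Counter)
    for ev in events:
        if "lat" not in ev:         # unlocated events never reach the map
            continue
        cell = (math.floor(ev["lat"] / binspanlat) * binspanlat,
                math.floor(ev["lon"] / binspanlong) * binspanlong)
        cells[cell][ev.get(by) if by else "count"] += 1
    return dict(cells)


if __name__ == "__main__":
    evs = enrich(SAMPLE_LOG)
    print(stats_count_by(evs, "Country"))
    for cell, counts in sorted(geostats(evs, by="categoryId").items()):
        print(cell, dict(counts))
```

The private 10.0.0.5 event shows the caveat from the text in practice: it survives `enrich` (the search itself still returns it) but has no Country or lat, so it silently vanishes from both the country counts and the map. When you use these searches for anything security-relevant, run a second search for events where Country is empty so you know how much of your traffic the map is not showing.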