I can't seem to get Splunk to run the search necessary to create a choropleth map. Here is my search:
```
index="main" host="designsafe01.tacc.utexas.edu" PUT /api/public/files/media/published/designsafe.storage.published
| regex "HTTP\/\d\.\d\s200"
| rex "(?<wma_ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})"
| iplocation wma_ip
| stats count by Country
| geom geo_countries featureIdField="Country"
```
It works fine without the last line. I can use geostats to generate cluster maps without a problem. Any time I try to use the **geom** command though, I get:
**Error in 'SearchOperator:Geom': could not resolve**
Any thoughts? I've found a couple places with things to look for. One person suggested I should change the settings in the lookup for geo_countries, but I don't see that lookup. Isn't that supposed to be there by default?
Thanks,
Joshua