Hey Guys,
I have a choropleth map which returns the amount of hits on security data from ip's attacking from different countries
search : index=... | iplocation SRC_IP | stats count by Country | eval count=count | eval Country=if(Country="","_unknown_",Country) | geom geo_countries featureIdField="Country" | sort + count
The problem is, when searched over a long period of time, the country for the highest has a high count so everything else which has a lot less is put into the lowest bin
e.g. china has 6 million hits so it is in the top bin, whereas everything else has 1m, 500k etc so it is put into the lowest bin.
Is there a way to normalise this so that more colours are shown?
↧