If you read our last installment on Maps, you’ll know we can put calls on a map.
There are even more cool maps to display calls on! In addition to Cluster maps, Splunk also has bundled with it Choropleth maps for both Countries and for US States.
Before starting, you may want to go review our post on building Cluster Maps. Come on back when you are done there and let’s get our hands dirty.
So we won’t tell you how to do it beyond Browse > Browse Calls.
Let’s now show this in the core Splunk UI to do the custom visualizations we need.
This is where things go different from the previous article. For one thing, we’re going to go through using “Countries” here, if you are in the US and want to use States it’s this same process only with a slightly different command. We will do US States as a second example below (but read through this one, we’ll use an abbreviated version of it so you need to be familiar with it anyway).
Last time we built a cluster map by adding one command, “geostats”. To build a Choropleth map we need to add two commands, one (stats) to “sum” up the counts by country, another (geom) to tell Splunk how to display that “place”.
| stats count BY finalCalledPartyCountry | geom geo_countries featureIdField="finalCalledPartyCountry" -- OR -- | stats count BY callingPartyCountry | geom geo_countries featureIdField="callingPartyCountry"
Notice that I added the search from above and that I’m currently looking at the Statistics tab. The stats part is responsible for coming up with the “count” of 53 for Australia. The “geom” command is what came up with that big pile of numbers on the right, which if you squint really hard at is a polygon shaped just like Australia. I promise. You might have to squint *really* hard to see that, or maybe let’s have Splunk show us this!
Splunk *should* pre-select the map type , because we’ve sent the data through the geom command. If so, there’s nothing else you need to do except wait a few moments for the data to populate.
If on the other hand you do not have a Choropleth Map showing,
Give that a little while to load…
As promised, here is how to do U.S. States. This relies on the process above, so if you have any questions on how to do a particular thing, refer to the Countries sections above.
| stats count BY finalCalledPartyState | geom geo_us_states featureIdField="finalCalledPartyState" -- OR -- | stats count BY callingPartyState | geom geo_us_states featureIdField="callingPartyState"
We hope to have given you the tools to create some nice visualizations using your CDR data. Now maybe those dashboards of incoming calls won’t look so plain!