A helper function to produce data compatible with the World Map widget. It takes either IP addresses or lat/lon as input and buckets points using a geohashing algorithm.

ParameterTypeRequiredDefault ValueDescription
ipstringoptional[a]   The field containing the IP address to look up geo-coordinates for.
latstringoptional[a]   A field containing the latitude to use for geohash bucketing.
lonstringoptional[a]   A field containing the longitude to use for geohash bucketing.
magnitudeaggregateoptional[a] count(as=_count) A function used to calculate the magnitude (weight) of each bucket. This value is used to determine the size or opacity of the world map markers.
precisionnumberoptional[a] 4 The precision to use in the calculation of the embedded geohash. Usually 4 is fine for a full globe, 12 is for a small area of zoom.

[a] Optional parameters use their default value unless explicitly set.

worldMap()Examples

Click + next to an example below to get the full details.

Calculate Geohash Value of a Set of Coordinates

Calculate a geohash value given two fields representing latitude and longitude using the geohash() function

Query
logscale
londonLat := 51.507222
| londonLon := -0.1275
| geohash(lat=londonLat, lon=londonLon)
Introduction

In this example, the geohash() function is used to calculate the geohash values for London. Note that the values of latitude and longitude coordinates must be expressed in decimal degrees.

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    londonLat := 51.507222
| londonLon := -0.1275
| geohash(lat=londonLat, lon=londonLon)

    Calculates the geohash value of a set of coordinates extracted from the fields lat=londonLat and lon=londonLon, and returns the result in a field named _geohash.

  3. Event Result set.

Summary and Results

The query is used to calculate the geohash value for London (lat, lon). A geohash is used for indexing locations on maps and in databases.

You can use the worldMap() function to plot existing geo-coordinates (latitude/longitude) on the World Map by adding this to the query:

| worldMap(lat=location.latitude, lon=location.longitude)

Sample output from the incoming example data:

_geohashlondonLatlondonLon
gcpvj0e5m41551.507222-0.1275

Make Data Compatible With World Map Widget - Example 1

Make data compatible with World Map Widget using the worldMap() function and magnitude

Query
logscale
worldMap(ip=myIpField)
Introduction

In this example, the worldMap() function takes IP addresses and buckets points using the magnitude, the number of observations in each bucket.

The worldMap() function will automatically bucket the locations to reduce the number of points.

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    worldMap(ip=myIpField)

    Plots IP addresses on the world map. ip=myIpField specifies which field contains IP addresses. The magnitude is the number of observations in each bucket (the default) - the count of IP addresses per location.

  3. Event Result set.

Summary and Results

The query with the worldMap() function is used to visualize and present location data, in this case IP adresses and their geo-coordinates, in a World Map Widget.

Visualization of IP addresses on a global map is useful, for example, to show concentration/density of IPs by location, to visualize attack sources, to monitor user access locations, to track network traffic origins, or identify suspicious geographic patterns.

Make Data Compatible With World Map Widget - Example 2

Make data compatible with World Map Widget using the worldMap() function and geo-coordinates

Query
logscale
worldMap(lat=location.latitude, lon=location.longitude)
Introduction

In this example, the worldMap() function takes either IP addresses or geo-coordinates (latitude/longitude) as input and buckets points using a geohashing algorithm.

The worldMap() function will automatically bucket the locations to reduce the number of points.

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    worldMap(lat=location.latitude, lon=location.longitude)

    Plots existing geo-coordinates (latitude/longitude) on the world map.

  3. Event Result set.

Summary and Results

The query with the worldMap() function is used to visualize and present location data, in this case IP adresses and their exact geo-coordinates, in a World Map Widget.

Visualization of IP addresses ond their exact geo-coordinates on a global map is more accurate and useful in cases where high precision is required, for example for physical asset tracking.

Make Data Compatible With World Map Widget - Example 3

Make data compatible with World Map Widget using the worldMap() function and average latency as magnitude of the points

Query
logscale
worldMap(ip=myIpField, magnitude=avg(latency))
Introduction

In this example, the worldMap function is used with the magnitude function to calculate the magnitude (weight) of each bucket. This value is used to determine the size or opacity of the world map markers.

The worldMap() function will automatically bucket the locations to reduce the number of points.

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    worldMap(ip=myIpField, magnitude=avg(latency))

    Plots IP addresses on the world map and uses average latency as magnitude of the points.

  3. Event Result set.

Summary and Results

The query with the worldMap() function is used to visualize and present location data, in this example IP adresses and the average latency, in a World Map Widget. The query is useful, for example, to identify performance patterns based on latency across different regions, or to identify potential network bottlenecks or performance issues in specific locations.

Visualization of IP addresses ond average latency values on a global map is useful in network monitoring and performance analysis to quickly spot geographical patterns in network latency. Larger average latency values will create bigger/more intense points on the world map.