Make Data Compatible With World Map Widget - Example 1

Make data compatible with the World Map Widget using the worldMap() function and magnitude

Query

Flow: Events → Aggregate → Result Set

```logscale
worldMap(ip=myIpField)
```

Introduction

The World Map Widget displays geographical data on a world map. Typical fields used in the World Map Widget are lat, lon, geohash, precision, and magnitude.

The worldMap() function is a helper function to produce data compatible with the World Map Widget.

In this example, the worldMap() function takes IP addresses and buckets points using the magnitude, the number of observations in each bucket.

The worldMap() function will automatically bucket the locations to reduce the number of points.

Step-by-Step

  1. Starting with the source repository events.

  2. Flow: Events → Aggregate (this step) → Result Set

     ```logscale
     worldMap(ip=myIpField)
     ```

    Plots IP addresses on the world map. ip=myIpField specifies which field contains the IP addresses. The magnitude is the number of observations in each bucket (the default), that is, the count of IP addresses per location.

  3. Event Result set.
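To make the bucketing concrete, the following is an added example (not LogScale's own implementation of worldMap()) that reproduces the three steps above in Python: it takes events with an IP field, resolves each address to coordinates, groups the points into geohash cells, and emits one row per cell with the lat, lon, geohash, precision and magnitude fields the widget consumes. The events, the IP-to-location table (a stand-in for LogScale's built-in IP geolocation) and the default precision of 3 are all constructed assumptions; the geohash encoding itself is the standard base32 scheme.

```python
from collections import Counter

# Base32 alphabet used by the standard geohash encoding.
GEOHASH_ALPHABET = "0123456789bcdefghjkmnpqrstuvwxyz"


def geohash_bucket(lat, lon, precision):
    """Return (geohash, centre_lat, centre_lon) of the geohash cell of the given
    precision that contains the point. Bits alternate longitude (first) and
    latitude; every 5 bits become one base32 character."""
    lat_lo, lat_hi = -90.0, 90.0
    lon_lo, lon_hi = -180.0, 180.0
    bits = []
    use_lon = True
    while len(bits) < precision * 5:
        if use_lon:
            mid = (lon_lo + lon_hi) / 2
            if lon >= mid:
                bits.append(1)
                lon_lo = mid
            else:
                bits.append(0)
                lon_hi = mid
        else:
            mid = (lat_lo + lat_hi) / 2
            if lat >= mid:
                bits.append(1)
                lat_lo = mid
            else:
                bits.append(0)
                lat_hi = mid
        use_lon = not use_lon
    chars = []
    for i in range(0, len(bits), 5):
        value = 0
        for bit in bits[i:i + 5]:
            value = (value << 1) | bit
        chars.append(GEOHASH_ALPHABET[value])
    # The remaining ranges are the cell bounds, so their midpoint is the cell centre.
    return "".join(chars), (lat_lo + lat_hi) / 2, (lon_lo + lon_hi) / 2


def geohash_encode(lat, lon, precision):
    return geohash_bucket(lat, lon, precision)[0]


# Constructed sample events (step 1). Addresses come from the RFC 5737
# documentation ranges and carry no real-world meaning.
EVENTS = [
    {"myIpField": "198.51.100.10"},
    {"myIpField": "198.51.100.11"},
    {"myIpField": "203.0.113.5"},
    {"myIpField": "198.51.100.10"},
    {"myIpField": "192.0.2.77"},   # no location known: not plotted
    {"src": "203.0.113.9"},        # ip field missing: not plotted
]

# Constructed IP-to-coordinate table, a stand-in for real IP geolocation.
IP_LOCATIONS = {
    "198.51.100.10": (42.605, -5.603),
    "198.51.100.11": (42.610, -5.610),
    "203.0.113.5": (57.64911, 10.40744),
}


def world_map(events, ip="myIpField", precision=3, locations=IP_LOCATIONS):
    """Step 2: aggregate events into World Map Widget rows, one per geohash cell,
    with magnitude = number of observations in that cell (the default)."""
    counts = Counter()
    centres = {}
    for event in events:
        addr = event.get(ip)
        loc = locations.get(addr) if addr else None
        if loc is None:
            continue  # events without a resolvable IP are dropped from the map
        cell, clat, clon = geohash_bucket(loc[0], loc[1], precision)
        counts[cell] += 1
        centres[cell] = (clat, clon)
    rows = [
        {"lat": centres[cell][0], "lon": centres[cell][1], "geohash": cell,
         "precision": precision, "magnitude": n}
        for cell, n in counts.items()
    ]
    # Largest buckets first, geohash as a stable tie-breaker (step 3: result set).
    rows.sort(key=lambda r: (-r["magnitude"], r["geohash"]))
    return rows


if __name__ == "__main__":
    for row in world_map(EVENTS):
        print(row)
```

With the constructed data the two Spanish addresses and the repeated 198.51.100.10 fall into the same precision-3 cell (magnitude 3), the Danish address forms a second cell (magnitude 1), and the two events without a resolvable address contribute nothing; raising the precision splits cells only once the points are far enough apart, which is the trade-off worldMap() makes when it thins the point set for the widget.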

Summary and Results

The query with the worldMap() function is used to visualize and present location data, in this case IP addresses and their geo-coordinates, in a World Map Widget.

Visualization of IP addresses on a global map is useful, for example, to show the concentration or density of IPs by location, to visualize attack sources, to monitor user access locations, to track network traffic origins, or to identify suspicious geographic patterns.