TIPS & TRICKS

Splunk for Facebook – event updates with geolocation

Geolocation in Splunk for Facebook

Hello again! What you see is a screenshot of a new feature in the Splunk for Facebook app. It is still a work in progress (many components need to be implemented – backend and frontend).

This a quick overview of the new feature added into the Splunk for Facebook app (“Activities updates in your social network”). It was mentioned briefly in the previous article Splunk for Facebook … cont’d about getting better insight of the activities among your connections in your social network with Splunk. There are many parts that are pieced together to get this feature to work:

[1] Getting the data

This app utilizes the Facebook Graph API to retrieve the updates among your connections. In particular the FQL (Facebook Query Language) is used in the HTTP GET request. Here is an example:

https://api.facebook.com/method/fql.query?SELECT post_id, viewer_id, app_id, source_id, updated_time, created_time, attribution, actor_id, target_id, message, app_data, action_links, attachment, comments, likes, privacy, permalink, tagged_ids, message_tags, type FROM stream WHERE (source_id IN (SELECT uid2 FROM friend WHERE uid1 = me()) OR source_id = me()) ORDER BY updated_time DESC&format=json&access_token=abcdefghijklmnopqrstuvwxyz

This is how the table ‘stream’ is defined in the documentation: https://developers.facebook.com/docs/reference/fql/stream/

[2] Pre-process the data

Huh?! Why is it necessary to pre-process the json output from the FB Graph API? Isn’t Splunk smart enough to detect the data format as “J S O N? Sure … but structured data extraction is only available from Splunk 4.3 onwards. In order to maintain backward compatibility, the json retrieved from the FB Graph API is then flattened into key-value pairs so that it is still usable for end users who are still using Splunk version 4.0.x – 4.2.x.

[3] Visualizing the data

This is something interesting that the app is using to visualize the data containing geographical details such as latitude and longitude. Leaflet is used to visualize the geographical origin of the updates. A use case would be:

Nickey updates his status ‘working on Splunk for Facebook app’ with his cellphone in Seattle. The map will then display a glowing dot on Seattle indicating such activity“.

Until the next article … see you real soon!

Disclaimer: Opinions expressed in this blog do not represent the views of Splunk.

----------------------------------------------------
Thanks!
Nicholas Key

Splunk
Posted by

Splunk

Join the Discussion