TIPS & TRICKS

Zip code mapping

I had a GSI partner recently ask me if they could map zip codes on the Google maps app. It was pretty straight forward, the only issue was finding a good data set for the zip code lookup. I thought it might be useful to others.

1) Extract the zip code field from your data. My data was pretty simple:

Tue Jul 2 15:30:59 PDT 2013 Alameda 94709 1

Where the digit at the end represents the number of people in that zip code.

Here is my props.conf file entry:
[splunkers]
EXTRACT-zip=(?<zipcode>\d{5}) (?<splunkers>\d+)

2) Define the lookup in transforms.conf:
[ziplookup]
filename = zipcode_geo.csv

You can download the csv file from here: zipcode_geo

3) Create the appropriate search. In my example, I wanted to see how many splunkers lived in the San Francisco East Bay. I changed the search in the sample drilldown_demo2.xml file:

<module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="true" group="Demo Search Results">
<param name="search">sourcetype="splunkers" | stats sum(splunkers) as _geo_count by zipcode | lookup ziplookup Zipcode as zipcode OUTPUT Lat, Long | eval _geo=Lat+","+Long </param>

Here is what the output should look like:

----------------------------------------------------
Thanks!
Karandeep Bains

----------------------------------------------------
Thanks!
Karandeep Bains

Splunk
Posted by

Splunk

Join the Discussion