Sumo Logic

Map Charts

Map charts show the location of extracted IP addresses from log messages on a map.

To map your search results, provide valid aggregated latitude and longitude values. The field names must be 'latitude' and 'longitude' so that the map can recognize the values. Express direction with the sign of the value (positive for north and east, negative for south and west) instead of using the terms N/S, E/W.

Here's an example of the values you can parse out of your log file for use with a map:

* | "30.42" as latitude | "-87.21" as longitude | count by latitude, longitude

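When a log source records coordinates with hemisphere letters, they have to be converted to signed values before the map can use them. The query below is an added example, not part of the original documentation; the `pos=30.42N,87.21W` log format and the field names `lat_abs`, `lat_hem`, `lon_abs` and `lon_hem` are assumptions made for illustration.

```sumo
// Added example. Assumes log lines that contain a constructed field such as:
//   pos=30.42N,87.21W
_sourceCategory=Error
// Split each coordinate into its magnitude and its hemisphere letter
| parse regex "pos=(?<lat_abs>\d+(?:\.\d+)?)(?<lat_hem>[NS]),(?<lon_abs>\d+(?:\.\d+)?)(?<lon_hem>[EW])"
// South and west become negative; north and east stay positive
| if(lat_hem = "S", 0 - num(lat_abs), num(lat_abs)) as latitude
| if(lon_hem = "W", 0 - num(lon_abs), num(lon_abs)) as longitude
// The map needs a count aggregated by the two required field names
| count by latitude, longitude
```

For the constructed line above, the query yields latitude 30.42 and longitude -87.21, the same pair used in the preceding example.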

For example, you could use the following query to create a Map chart:

_sourceCategory=Error
| parse regex "(?<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
| lookup latitude, longitude, country_code, country_name, region, city, postal_code, area_code, metro_code from geo://default on ip = client_ip
| count by latitude, longitude, country_code, country_name, region, city, postal_code, area_code, metro_code
| sort _count

which would produce results such as:

Rules

  • A _count aggregator is required. 
  • Other aggregators like sum or avg do not provide accurate results. 

Limitations

  • Map charts have a display limit of 10,000 results. 

Create a Map Chart

  1. Run a Geo Lookup query.
  2. In the Aggregates tab, choose the Map Chart icon to display the search results.

The data in the Aggregates tab is represented as a map chart.

For more information on geolocation operators, see the Geo Lookup operator.