Geomap Widget

At times, geographical distribution of data is as important as the data itself.

The Geomap widget gives you a unified view of your data visualization and its geographical distribution. For example, you can plot VPN connection logs and the IP addresses from which they originate. The widget displays the IP addresses as points or a bubble chart on the geographical map.

Geomap widget uses the IP address and location information from your data model to plot the data on a map. You can select the geographical map as a particular region or country, or the world map. You can plot IP addresses as points or as a bubble for a region on the map.

Note: To use this widget, the MaxMind database must be available on your appliance. Contact your administrator.

Use the following information to configure the widget:

Field Description
Fetch data from source
Query

Enter a search query. The query must include the geoiplookup() function. For more information, see Miscellaneous Functions.

  • To start an EQL statement, enter USE.
  • To start an SQL statement, enter SELECT.

You can search based on filter and time Bloks as well. After you enter the search query, the columns from the query are used as field options in the Geomap widget configuration section.

For more information about EQL search syntax, see Event Query Language Reference.

Date & Time You can enter absolute and relative time ranges.

For example, enter -5h as a relative time range to display results for events that occurred in the past 5 hours.

For more information and examples, see Time Range Expressions.

Geomap widget configuration
Source IP Select the data model column in which IP addresses are stored and that has a data type as INET_ADDR.
Location

Select the column with the location of the area. You must use the geoiplookup() function and specify the location parameter along with the Source IP field so that the geoiplookup() function calculates the latitude and longitude of the area:

geoiplookup(<columnName>, 'location')
Location tooltip

Select the column with the geographical information of the required area. You must use the geoiplookup() function, such as country, city, postal, and so on, depending on the configuration of the geographical database available on your appliance.

  • The value of selected information is displayed as the tooltip.
  • If the field is empty, then the IP address is displayed as the tooltip of the point on the map.

For example, if you use the country option, the country name is displayed as a tooltip of the point on the map.

Bubble weight Select the column that can be used to indicate a number of IP addresses for the selected location. If multiple IP addresses belong to that region on the map, then a bubble is displayed instead of a dot. The size of the bubble is proportionate to the column value.
Add series (+)

Click + to add another row of the Source IP, Location, Location tooltip, and Bubble weight fields.

You can add multiple series to the chart. For example, if a data model includes multiple columns that return an INET_ADDR type.

Region border color

Select the color of the region border. 

Default: #A0A0A0

Map background color

Select the background color of the region.

Default: #E9E9E9

Map

Select a map type from the available list.

Default: World continents

Widget description Enter a short description for the widget. The description is displayed on the Advanced Dashboard when you hover over the widget.
Auto load

Turn on the toggle to automatically load widget data on the Advanced Dashboard as soon as you save the widget or when you navigate to the dashboard.

Disabling the Auto load option also disables the Auto refresh option. However, you can manually refresh the widget on the Advanced Dashboard to load its data.

Default:

  • Disabled for widgets created in LogLogic LMI 6.3.1 and later
  • Enabled for the widgets created in LogLogic LMI 6.3.0 and earlier
Auto refresh

Turn on the toggle to refresh the widget every few seconds.

This setting is enabled only if the Auto Load option is enabled.

Default: OFF

Refresh widget every If Auto refresh is set to ON, then enter a time interval in seconds to refresh the widget. Refresh action starts after the data is completely retrieved and displayed.

Example Search Query

use system | COLUMNS sys_collectIP, geoiplookup(sys_collectIP,"location"), geoiplookup(sys_collectIP,"country"), count(sys_collectIP) | (sys_collectIP != '127.0.0.1' AND sys_collectIP != '198.51.100.0' AND sys_collectIP != '::1') | group by sys_collectIP
In this example, IP addresses of locations are marked as separate points and country names are displayed as the tooltip. The IP address 198.51.100.0 is an example. Replace it with the IP address of your appliance.

Note: Political boundaries or place names contained in the maps do not necessarily reflect TIBCO's view of any particular disputed border or place name and TIBCO does not warrant the accuracy of such boundaries or place names.
Related Topics