I had a GSI partner recently ask me if they could map zip codes on the Google Maps app. It was pretty straightforward; the only issue was finding a good data set for the zip code lookup. I thought it might be useful to others.
1) Extract the zip code field from your data. My data was pretty simple:
Tue Jul 2 15:30:59 PDT 2013 Alameda 94709 1
Where the digit at the end represents the number of people in that zip code.
Here is my props.conf file entry:
[splunkers]
EXTRACT-zip=(?<zipcode>\d{5}) (?<splunkers>\d+)
2) Define the lookup in transforms.conf:
[ziplookup]
filename = zipcode_geo.csv
You can download the csv file from here: zipcode_geo
3) Create the appropriate search. In my example, I wanted to see how many splunkers lived in the San Francisco East Bay. I changed the search in the sample drilldown_demo2.xml file:
<module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="true" group="Demo Search Results">
<param name="search">sourcetype="splunkers" | stats sum(splunkers) as _geo_count by zipcode | lookup ziplookup Zipcode as zipcode OUTPUT Lat, Long | eval _geo=Lat+","+Long </param>
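To check the extraction and the lookup file before loading them into Splunk, the three steps can be replayed offline. This is an added example, not part of the original post: the events and the CSV rows are constructed, and only the Zipcode, Lat and Long column names are taken from the search above.

```python
import csv
import io
import re
from collections import defaultdict

# Same pattern as the EXTRACT-zip entry; Python spells named groups (?P<name>...).
EXTRACT_ZIP = re.compile(r"(?P<zipcode>\d{5}) (?P<splunkers>\d+)")

# Constructed sample events in the format shown in step 1.
EVENTS = """\
Tue Jul 2 15:30:59 PDT 2013 Alameda 94709 1
Tue Jul 2 15:31:04 PDT 2013 Alameda 94709 2
Tue Jul 2 15:31:10 PDT 2013 Alameda 94612 3
Tue Jul 2 15:31:15 PDT 2013 Alameda 00000 1
"""

# Constructed stand-in for zipcode_geo.csv; coordinates are approximate.
LOOKUP_CSV = """\
Zipcode,Lat,Long
94709,37.879,-122.267
94612,37.808,-122.269
"""

def geo_counts(events, lookup_csv):
    """Return ({zipcode: (_geo_count, _geo)}, [zip codes missing from the lookup])."""
    # Keep Zipcode as a string so leading zeros are not lost.
    table = {row["Zipcode"]: (row["Lat"], row["Long"])
             for row in csv.DictReader(io.StringIO(lookup_csv))}
    totals = defaultdict(int)
    for line in events.splitlines():
        m = EXTRACT_ZIP.search(line)
        if m:  # stats sum(splunkers) by zipcode
            totals[m.group("zipcode")] += int(m.group("splunkers"))
    mapped, unmatched = {}, []
    for zipcode, count in sorted(totals.items()):
        if zipcode in table:
            lat, lon = table[zipcode]
            mapped[zipcode] = (count, lat + "," + lon)  # eval _geo=Lat+","+Long
        else:
            unmatched.append(zipcode)  # no Lat/Long, so nothing to plot
    return mapped, unmatched

if __name__ == "__main__":
    mapped, unmatched = geo_counts(EVENTS, LOOKUP_CSV)
    for zipcode, (count, geo) in mapped.items():
        print(zipcode, count, geo)
    print("not in lookup:", unmatched)
```

Zip codes reported as not in the lookup are the ones that would be missing from the map, which usually points at a gap in the CSV or a bad value in the data.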