Splunk’s default Cluster Map’s maximum zoom level is 7, which will let you see major cities in a country.
You can change it in the visualisation settings in the Tiles section
But only increasing the Max Zoom level will not help much. The map visualisation will just show you a blank white canvas.
This is because Splunk installation doesn’t have the tiles (the images of the map) for a zoom level above 7.
This is an easy “fix” if your Splunk deployment is open to the internet (directly or over proxy).
Just point the URL to the Open Street Map (OSM) server:
And you are a happy maps explorer, with a zoom level set to 18 (the maximum OSM allows) you can zoom in quite nicely
But if your Splunk deployment can’t “reach” out to the OSM website (or other maps server) you are in a bit of a pickle. But fear not, there is a way forward. You will need to download these tiles (as png files) and add them to one of your splunk apps.
Now you could go download them one by one from the Open Street Maps manually or using some script, but it will take you some time (and probably you will be rate-limited by the OSM site)
The way forward:
Download an offline export of the OSM map you are after in the
.osm.pbf format (Australia one can be found here Geofabrik Download Server )
Follow the guide here Using OpenStreetMap Offline with a few notes:
- I was not specifying the docker image version (so use
- x/y coordinates I’ve used for Australia are
-x 111.35 -X 158.46 -y -46.85 -Y -10.87
- deploy a docker container with the map server
- import the previously downloaded offline map
- run rendering of tile (I wouldn’t go above 12-13 unless absolutely necessary as it takes time and space)
- download the rendered tiles from the map server (docker) to your host (same comment as above)
Copy the tiles to a splunk app under
Update the map visualisation settings to point to the above location
Start enjoying the offline maps with the zoom level you were crazy enough to render and add to Splunk
The Easy way forward (if you are after a map of Australia):
For reading around till the end here is a shortcut:
- Download the splunk_offline_map.tgz from here – https://github.com/ilyaresh/offline_map/releases/tag/v0.1
- go to you
<SPLUNK>/etc/apps/and extract the archive (
tar -xzf /tmp/splunk_offline_map.tgz) – will be about 5.8GB extracted
The Easy way forward (if you are after other maps):
I can generate them for you for a small fee $$$ :-).
Need map tiles generated for you?
More posts about Splunk
Predicting multiple metrics in Splunk
Splunk Failed to apply rollup policy to index… Summary span… cannot be cron scheduled
How to collect StatsD metrics from rippled server using Splunk
Plotting Splunk with the same metric and dimension names shows NULL
Splunk Eventgen Jinja templating
How to Register to Splunk Partner Portal and transfer Certifications and Learning
Get Score Breakdown for Pearson VUE Exam