Visualize Data on a Dashboard Map.

Visualize data on a dashboard map.

  3 minute read  

Overview

If your log data contains certain geographical data, you can visualize it on a Dashboard as a map. This is useful for identifying the locations of issues as they arise. For example, CloudFront logs contain location codes for edge locations.

Requirements

Your log data must contain location data in one of the following formats:

  • IATA 3-letter airport code (SEA)
  • ICAO 4-letter airport code (KSEA)
  • ISO_3166 2-letter country code (US)

IATA codes are interpreted first and may clash with 3 letter ISO_3166 codes. Therefore IATA or 2 letter codes are recommended.

For example, here is a CloudFront sample log:

{ 
"date": "2024-11-14", 
"time": "21:34:06", 
"x-edge-location": "SOF50-P2", 
"asn": "16509", 
"timestamp(ms)": "1731620046814", 
"origin-fbl": "0.251", 
"origin-lbl": "0.251", 
"x-host-header": "d111111abcdef8.cloudfront.net", 
"cs(Cookie)": "examplecookie=value" 
}

It contains an x-edge-location field that has SOF as the first three characters. AWS typically uses an IATA airport code for the airport closest to the edge location so this data can be used to plot the logs on a map.

Extract the Code

To start, you need to extract the IATA three digit from the log body and save it as an attribute. One approach to do this is with an OTTL transformation node configured with the following statements:

set(cache["decoded_body"], Decode(body, "utf-8")) 
set(attributes["parsed"], ParseJSON(cache["decoded_body"])) 
set(attributes["location_code"], Substring(attributes["parsed"]["x-edge-location"], 0, 3))

These statements perform the following functions:

  1. Decode the log body and save it in a cache. See Working with the body and Working with a cache.
  2. Parse the cached and decoded body using its JSON structure and save it as an attribute called parsed.
  3. Extract the first three digits from the x-edge-location parsed attribute and save it as the location_code attribute.

Create a Facet

Next you create a facet for the extracted location code:

  1. Navigate to the Log Explorer
  2. Click the kebab (⋮) icon in the filters pane on any filter group and select Create facet.
  1. Enter @location_code as the path. The @ symbol indicates the field is an attribute.
  2. Specify a Display Name such as Location Path and click Save.
  3. You may need to select Show Hidden Facets to view the custom facets in the Filters pane.

Configure the Widget

Now you create a dashboard containing the map visualization:

  1. Click Dashboards.
  2. Click New Dashboard.
  3. Configure and name and description for the dashboard, then drag a Log Widget onto the dashboard.
  4. Click Edit this Widget.
  5. Select the Aggregate Data type:
  1. Select the facet you created in the Group by field:
  1. Select the Geographical Map Visualization type:
  1. Optionally, click Visualization Options, select Continuous size mapping as the Sizing method and adjust the Symbol size range, Minimum value, and Maximum value.

The values you set depend on your data volumes. You may need to also filter the widget to capture only the relevant logs to avoid empty values.

  1. Click Save.

The Log widget displays its data on a map. Smaller dots represent relatively smaller data volumes.