Additional zoom levels for maps in Splunk

3 min readMar 31, 2023

Splunk’s default Cluster Map’s maximum zoom level is 7, which will let you see major cities in a country.

You can change it in the visualisation settings in the Tiles section

But only increasing the Max Zoom level will not help much. The map visualisation will just show you a blank white canvas.

This is because Splunk installation doesn’t have the tiles (the images of the map) for a zoom level above 7.

Online Maps

This is an easy “fix” if your Splunk deployment is open to the internet (directly or over proxy).

Just point the URL to the Open Street Map (OSM) server: https://tile.openstreetmap.org/{z}/{x}/{y}.png.

And you are a happy maps explorer, with a zoom level set to 18 (the maximum OSM allows) you can zoom in quite nicely

Offline Maps

But if your Splunk deployment can’t “reach” out to the OSM website (or other maps server) you are in a bit of a pickle. But fear not, there is a way forward. You will need to download these tiles (as png files) and add them to one of your splunk apps.

Now you could go download them one by one from the Open Street Maps manually or using some script, but it will take you some time (and probably you will be rate-limited by the OSM site)

The way forward:

Download an offline export of the OSM map you are after in the .osm.pbf format (Australia one can be found here Geofabrik Download Server )

Follow the guide here Using OpenStreetMap Offline with a few notes:

I was not specifying the docker image version (so use overv/openstreetmap-tile-server instead of overv/openstreetmap-tile-server:2.2.0)
x/y coordinates I’ve used for Australia are -x 111.35 -X 158.46 -y -46.85 -Y -10.87

to:

deploy a docker container with the map server
import the previously downloaded offline map
run rendering of tile (I wouldn’t go above 12–13 unless absolutely necessary as it takes time and space)
download the rendered tiles from the map server (docker) to your host (same comment as above)

zoom level 13 will take about 4GB

copy the tiles to a splunk app under <SPUNK>\etc\apps\MY_APP\appserver\static\tiles\

update the map visualisation settings to point to the above location

The Easy way forward (if you are after a map of Australia):

For reading around till the end here is a shortcut:

Download the splunk_offline_map.tgz from here — https://github.com/ilyaresh/offline_map/releases/tag/v0.1
go to you <SPLUNK>/etc/apps/ and extract the archive (tar -xzf /tmp/splunk_offline_map.tgz) - will be about 5.8GB extracted

The Easy way forward (if you are after other maps):

I can generate them for you for a small fee $$$ :-).

Fill in this form with the necessary details.

Originally published at https://isbyr.com on March 31, 2023.