Jump to content
  • TIBCO LogLogic® Geolocation Toolkit for Spotfire


    This Article provides instructions on how to leverage the power of LogLogic's Operational Intelligence solution for aggregating and surfacing deep insights from your infrastructure. Then augment that data in TIBCO Spotfire to get visual insights on how the infrastructure is behaving using geolocation.

    Introduction

    TIBCO LogLogic® provides the industry's first enterprise-class, end-to-end log management solution. Using LogLogic log management solutions, IT organizations can analyze and archive network log data for the purpose of compliance and legal protection, decision support for network security remediation, and increased network performance and improved availability.

    This Article provides instructions on how to leverage the power of LogLogic's Operational Intelligence solution for aggregating and surfacing deep insights from your infrastructure. Then augment that data in Spotfire to get visual insights on how the infrastructure is behaving using geolocation. 

    Using geolocation of IP addresses from TIBCO LogLogic® LMI in Spotfire®

    Pre-requisites

    • TIBCO LogLogic LMI 6.3.0
    • TIBCO Spotfire 10.8
    • LMI Data Source for Spotfire installed on the Spotfire Server
    • TIBCO Spotfire Analyst 10.8 (does not work right now with Web Player due to a Spotfire limitation)

    Preliminary steps in Spotfire Analyst:

    Install the required Python package in Spotfire Analyst

    1. Select the Tools menu
    2. Select Python Tools entry
    3. In the dialog box, select the Package Management tab
    4. In the Available Package input box, type in: python-geoip-python3
    5. Then select the bitstring package below and install it
    6. Now follow the same procedure with the package: python-geoip-geolite2-yplan

    image001_5.png.456a83dcf16ac931b009a1c83b397107.png

    Create a custom Python Data Function in Spotfire Library

    1.  In the Tools menu, select 'Register data function'
    2.  Input a name, keep the default type of Python
    3.  For the script content, copy and paste the below text:
    from geoip import geolite2
    import pandas as pd
    
    def lookup(ip):
        if ip is None:
            return None
        try:
            ip_info = geolite2.lookup(ip)
            if ip_info is None:
                return None
            else:
                return ip_info.country
        except ValueError:
            return None
        except TypeError:
            return None
    
    df_output = df_input
    for col in df_input.columns:
        if col.endswith("IP"):
            newCol = pd.Series(df_input[col], name=col + "_CountryCode")
            newCol = newCol.map(lookup)
            df_output[newCol.name] = newCol
     

          4. Add an input parameter named df_input, of type Table, and select all types.

          5. Add an output parameter named df_output, of type Table

          6. Save the function in the library.

    Create a new Analysis

    Add data using the LMI Data Source

    Navigate to our GitHub page here to download the data source required to connect the TIBCO LogLogic LMI instance with Spotfire. The package Installation section on the GitHub page should contain the steps required to connect these instances.

    Note: You should make sure that the query returns a column containing IP addresses that have names ending with IP, as the resolution data function will look for a column with such a name. If required, rename the column in the projection using AS xxxIP. Also be sure to include sys_eventTime in the query, as that is required by LMI Data Source for TIBCO Spotfire.

    For example:

     use Cisco_ASA | ll_sourcePort in (80,8080,443,8443) | columns ll_sourceIP, count(*) | group by ll_sourceIP | sys_eventTime in -24h
     

    Add a column using the data function

    In the Data menu:

    1. Choose Data Canvas.  
    2. Click on the Plus Sign (+) on the link from the data source, then choose Add transformation
    3. Choose Data Function, then press the Insert button.
    4. Select the data function you have created previously.
    5. Select all columns, then press OK

    The new column(s) xxxIP_CountryCode should appear in the DATA tab.

    image002_2.png.c7110815edf8e72f6613254e6134364a.png

    Set Geocoding for country code columns

    In the Data menu, select Columns Properties. 

    * Be sure to select the Data Table you created above

    For each added country code column:

    1. Select the column in the list
    2. In the Geocoding tab, click on the Select button and choose Auto-match
    3. This should automatically detect the matching as ISO 3166-1 alpha-2
    4. Select OK

    * This step allows the column to be used in Map panels.

    Creating a map Panel

    Ensure that you have followed the pre-installation task on the Spotfire server for Enabling Geocoded tables for map charts:

    Enabling geocoding tables for map charts

    To display data on a Spotfire map, the data must be geocoded. This involves matching the data to location identifiers in a set of data tables that are known as a geocoding hierarchy. These geocoding tables must be imported into the library before they can be used.

    Pre-requisites

    • Spotfire Analyst is installed.

    Procedure

    1. Copy the file <Spotfire Server installation kit>/geoanalytics/geoanalytics.part0.zip to the library folder that is used for importing and exporting files. (By default, this is <serverinstallation directory>/tomcat/application-data/library)
    2. Log in to Spotfire Analyst as a Spotfire Administrator or Library Administrator.
    3. Click Tools > Library Administration.
    4. Click Import and then browse to and select the file geoanalytics.part0.zip.
    5. Click OK twice, and then in the Select Destination Folder dialog, either select an existing folder or create a new one (for example, you can create a ?GeoAnalytics? folder).
    6. Click OK, wait for the dialog to display the words Import done, and then click Close.

    Create a new Visualization of the Map Chart type.

    • Select the relevant country code column in the Marker by select.

    If you want to display the shapes of the countries, add a new Feature layer to the map, from the data table (Properties Layers Add Feature Layer > Data table). Change the color to be dependent on some value, if needed (for example line count).

     

    image003_5.png.02803a76832017277c099fb20353ce85.png

    Additional Resources


    User Feedback

    Recommended Comments

    There are no comments to display.


×
×
  • Create New...