Remember to read part 2 later at Location Tracking in Splunk - Drilldown
First signup for a tracking solution called OpenPaths failed, as the project seems dead and the iOS is not tracking.
Looking into the Apple Store, I found followmee.com and I signed up for an account. Followmee.com has a complete mapping (tracking) solution, so I could just have stopped there, but the focus was Splunk.
The only interesting App setting on the iPhone is the tracking state and how often the App tracks, read http://followmee.com/Howto.aspx?t=howtoconfigureiphone
It specifies how aggressively the app will track. The default setting is medium, which gives you a new location update every 5 to 10 minutes. If you want more frequent updates, choose the high setting, which updates every 1 to 2 minutes. Currently, my setting is High.
Getting data out
Past hours history for a device
Past gives a json like:
Current location for a device
Current gives a json like
In Splunk, it's a bit complicated to split multivalue JSON into events, and since this is a POC and I don't really care that much for history, I will go for the current location...
Use the website http://json.parser.online.fr/ to test and examine your JSON
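If the history is wanted after all, the multivalue JSON can be split into one event per line before Splunk reads it. The following is an added example, not code from the original post: the top-level `Data` array and the field names `DeviceID`, `Date`, `Latitude` and `Longitude` are assumptions and the sample response is constructed, so adjust them to what your API actually returns.

```python
import json

# Constructed sample of a history response. The "Data" array and the field
# names are assumptions; adjust them to the JSON your API returns.
SAMPLE = """
{"Data": [
  {"DeviceID": "dev-1", "Date": "2017-01-01T10:00:00+01:00", "Latitude": 55.6761, "Longitude": 12.5683},
  {"DeviceID": "dev-1", "Date": "2017-01-01T10:00:00+01:00", "Latitude": 55.6761, "Longitude": 12.5683},
  {"DeviceID": "dev-1", "Date": "2017-01-01T10:02:00+01:00", "Latitude": 55.6770, "Longitude": 12.5690},
  {"DeviceID": "dev-1", "Latitude": 55.6770}
]}
"""

KEY_FIELDS = ("DeviceID", "Date", "Latitude", "Longitude")


def split_events(raw, array_key="Data", seen=None):
    """Return one compact JSON string per unique, complete location point."""
    seen = set() if seen is None else seen
    doc = json.loads(raw)
    points = doc.get(array_key) if isinstance(doc, dict) else None
    if not isinstance(points, list):
        return []  # unexpected shape: emit nothing instead of a broken event
    events = []
    for point in points:
        if not isinstance(point, dict) or any(f not in point for f in KEY_FIELDS):
            continue  # skip malformed points rather than index partial events
        key = tuple(point[f] for f in KEY_FIELDS)
        if key in seen:
            continue  # same device, time and place as an earlier report
        seen.add(key)
        events.append(json.dumps(point, sort_keys=True, separators=(",", ":")))
    return events


def write_events(raw, path, seen=None):
    """Append the split events to a file that a Splunk file monitor can read."""
    events = split_events(raw, seen=seen)
    with open(path, "a", encoding="utf-8") as fh:
        for line in events:
            fh.write(line + "\n")
    return len(events)


if __name__ == "__main__":
    for line in split_events(SAMPLE):
        print(line)
```

Passing the same `seen` set across polls keeps repeated reports for a stationary phone out of the file.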
Getting data in
To get data into Splunk, several approaches are possible. Typically I would choose an on-disk script (run via cron) to pull data from the API into a file to be parsed, but this time I wanted to play with getting the JSON into Splunk the simplest way, so I installed the REST API Modular Input Add On, even though it's pretty old. The Add On adds an input possibility:
So, after adding a new index for the data, and getting the API Key from the followmee.com website, we add an input for the REST Url
And sourcetype and index:
Notice the polling interval:
I leave it blank, so the REST Url will be called every 60 secs. Also refer to "Tracking Power" above.
Presenting the data
Looking at possible visualisations, I first went for the map/geostats visualisation, but its density and zoom level are more suited to world events than to the street/block level needed, so I installed the Location Tracker - Custom Visualization.
And created the needed search:
When the phone is not moving, FollowMee reports a lot of the same data on the API, giving the same time as the last report for the same location; the "dedup" command removes these. The current search is not time important, only location specific. For time importance, I would probably make another Dashboard
after looking at what the REST Add On fetches from the followmee.com API:
And then build a Dashboard:
Compared to followmee.com: