Sidehistorik
Info |
---|
Rememeber to read part 2 later at Location Tracking in Splunk - Drilldown |
I wanted to utilise utilize splunk even more (or same) as Edd in https://www.splunk.com/blog/2013/10/22/go-splunk-yourself.htmlin Go Splunk Yourself!
First signup for a tracking solution called OpenPaths failed, as the project seems dead and the iOS is not tracking.
Looking into the Apple Store, i found followmee.com and I signed up for an account. Followmee.com has a complete mapping (Tracking) solution, so I could just have stopped it there, but the focus was splunk.
...
Tip |
---|
Tracking Power |
Getting data out
Next, the data can be extracted to XLS og CVS, but this was to manual, I wanted to utilize and automate, so I signed up for API services, which has 2 primary functions:
Past hours history for a device
Past give gives a json like:
Kodeblok |
---|
{"Data":[{"Date":"2017-12-03T15:26:14+01:00","Latitude":57.01060,"Longitude":10.03402,"Type":"GPS","Speed(mph)":null,"Speed(km/h)":null,"Altitude(ft)":16,"Altitude(m)":5,"Accuracy":124},{"Date":"2017-12-03T15:53:52+01:00","Latitude":57.01172,"Longitude":10.04380,"Type":"GPS","Speed(mph)":null,"Speed(km/h)":null,"Altitude(ft)":0,"Altitude(m)":0,"Accuracy":165},{"Date":"2017-12-03T15:57:05+01:00","Latitude":57.01323,"Longitude":10.04936,"Type":"GPS","Speed(mph)":null,"Speed(km/h)":null,"Altitude(ft)":6,"Altitude(m)":2,"Accuracy":165},{"Date":"2017-12-03T16:03:25+01:00","Latitude":57.01406,"Longitude":10.04982,"Type":"GPS","Speed(mph)":null,"Speed(km/h)":null,"Altitude(ft)":3,"Altitude(m)":1,"Accuracy":65},{"Date":"2017-12-03T16:05:50+01:00","Latitude":57.01049,"Longitude":10.03452,"Type":"GPS","Speed(mph)":null,"Speed(km/h)":null,"Altitude(ft)":16,"Altitude(m)":5,"Accuracy":67},{"Date":"2017-12-03T16:15:17+01:00","Latitude":57.01063,"Longitude":10.03377,"Type":"GPS","Speed(mph)":null,"Speed(km/h)":null,"Altitude(ft)":19,"Altitude(m)":6,"Accuracy":65},{"Date":"2017-12- ... ... 08T18:20:06+01:00","Latitude":57.01431,"Longitude":10.03389,"Type":"GPS","Speed(mph)":38,"Speed(km/h)":61,"Altitude(ft)":36,"Altitude(m)":11,"Accuracy":10},{"Date":"2017-12-08T18:21:58+01:00","Latitude":57.01034,"Longitude":10.03387,"Type":"GPS","Speed(mph)":4,"Speed(km/h)":6,"Altitude(ft)":29,"Altitude(m)":9,"Accuracy":5}]} |
...
Kodeblok |
---|
{"Data":[{"DeviceName":"Normann P.'s iPhone","DeviceID":"11787783","Date":"2017-12-08T18:21:58+01:00","Latitude":57.01034,"Longitude":10.03387,"Type":"GPS","Speed(mph)":4,"Speed(km/h)":6,"Altitude(ft)":29,"Altitude(m)":9,"Accuracy":5}]} |
In splunk, its a bit complicated to split multivalue json into events, and since this is a POC and I dont really care that much for history, I will go for the current location...
Tip |
---|
Use the website http://json.parser.online.fr/ to text and exanime Your json |
Getting data in
To get data in splunk, several approaches can be made - and typicalli typically I would choose a on-disk script to pull data from the API to a file to be parsed (via cron), but this time I wanted to play with getting the json in splunk the simplest way, so I installed the REST API Modular Input Add On, even thought its pretty old. The Add On adds an input possibility:
So, after adding a new index for the data, and getting the API Key from the followmee.com website, we add an input for the REST Url
Kodeblok |
---|
http://followmee.com/api/tracks.aspx?key=*****************************&username=moseisleydk&output=json&function=currentfordevice&deviceid=11787783 |
And sourcetype and index:
Notice the polling interval:
I leave it blank, so the REST Url will be called every 60 secs. Also refer to "Tracking Power" above.
Presenting the data
Looking at possible visualisations, I first went for the map/geostats visualisation, but the density and zoomlevel is more world event like than street/block level needed, so I installed the Location Tracker - Custom Visualization.
And created the needed search:
Kodeblok |
---|
index="followmee" | dedup _time | eval User="Normann" | table _time "Data{}.Latitude" "Data{}.Longitude" User |
Tip |
---|
As follow me reports a lot of the same data on the API when the phone is not moving by reporting same time as last for same location, the "dedup" command removes these. The current search is not time important, only location specific. For Time importance, I would problably make another Dashboard |
after looking at what the REST Add On fetches from the followmee.com API:
And then build a Dashboard:
Compared to followmee.com: