Law enforcement field operations
Field operations, such as stings, need to run according to plan. However, with the large amount of technology and devices involved, many things can go wrong, jeopardizing the investigation. You can use the Splunk platform to proactively monitor your vehicles and devices, as well as look for failure trends so you can prevent them in the future.
Required data
- Patrol vehicle data
- Police personnel records
- Police device data
Procedure
The following searches are guidelines intended to help you get started. Depending on your data set, you may need to change field names or parameters. You can optimize the searches by specifying a time range.
Patrol vehicle data is a rich source of information that data driven law enforcement agencies cannot afford to do without. A dashboard showing the location and status of officers on duty can be a big help to administrators, 911 dispatchers, and others.
For help creating dashboards, try the Splunk Dashboard Studio Examples Hub or see the dashboard documentation for Splunk Enterprise or Splunk Cloud Platform.
Vehicle tracking is an important aspect of training, compliance, and other aspects of law enforcement that will allow the chief of police to confidently communicate to the public that he or she is operating a tight ship. You can prove that your officers are sticking to their beat, not straying from where they're supposed to be. You can also use this information for training purposes or to keep your officers safe if they do stray.
index=gps unit_id=K9300 gps_latitude=* gps_longitude=* |rename gps_latitude AS latitude, gps_longitude AS longitude | table _time latitude longitude unit_id | sort -_time
If you identify a vehicle or officer that raises some concerns, you can drill down for additional data points. You might want to monitor the officer's body camera or microphone, or the vehicle's dashboard camera. This information can keep your administration informed of device maintenance issues that can impact officers' ability to work effectively. It can also help you identify trends that might indicate user error or intention to subvert requirements, such as repeated failure to charge a device.
| inputlookup incidents.csv | search Custody="Stacy Sheridan" | stats values(ID) AS ID, values(Device) AS Device, values(Description) AS Description, BY Priority
index="police_devices" sourcetype="csv" Device="Body Cam" | eval Body_Cam_Status="Off" | stats values("Body_Cam_Status")
With the Splunk platform you can not only monitor equipment while your officers are on the job, but you can be proactive. For example, you can create a dashboard to monitor storage capacity of body cameras to make sure officers are going out with devices that have enough capacity for their shift.
index="police_devices" source=*police_devices.csv | timechart span=60m values(Total) BY Device
| inputlookup storage_capacity.csv | table "Total Usable" | tail 1
Next steps
Finally, you might be interested in other processes associated with the building a data-driven law enforcement strategy use case.