Skip to main content
Lantern Home
 
 
Splunk Lantern

Law enforcement field operations

  1. Last updated
  2. Save as PDF

 

Field operations, such as stings, need to run according to plan. However, with the large amount of technology and devices involved, many things can go wrong, jeopardizing the investigation. You can use the Splunk platform to proactively monitor your vehicles and devices, as well as look for failure trends so you can prevent them in the future.

Required data

  • Patrol vehicle data
  • Police personnel records
  • Police device data

Procedure

The following searches are guidelines intended to help you get started. Depending on your data set, you may need to change field names or parameters. You can optimize the searches by specifying a time range.

Patrol vehicle data is a rich source of information that data driven law enforcement agencies cannot afford to do without. A dashboard showing the location and status of officers on duty can be a big help to administrators, 911 dispatchers, and others.

For help creating dashboards, try the Splunk Dashboard Studio Examples Hub or see the dashboard documentation for Splunk Enterprise or Splunk Cloud Platform.

clipboard_e36a782224ea4ffdc2623742396212d83.png

Vehicle tracking is an important aspect of training, compliance, and other aspects of law enforcement that will allow the chief of police to confidently communicate to the public that he or she is operating a tight ship. You can prove that your officers are sticking to their beat, not straying from where they're supposed to be. You can also use this information for training purposes or to keep your officers safe if they do stray.

index=gps unit_id=K9300 gps_latitude=* gps_longitude=* 
|rename gps_latitude AS latitude, gps_longitude AS longitude  
| table _time latitude longitude unit_id 
| sort -_time

clipboard_e571ac1bef0c4af757627ef28f4e36814.png

If you identify a vehicle or officer that raises some concerns, you can drill down for additional data points. You might want to monitor the officer's body camera or microphone, or the vehicle's dashboard camera. This information can keep your administration informed of device maintenance issues that can impact officers' ability to work effectively. It can also help you identify trends that might indicate user error or intention to subvert requirements, such as repeated failure to charge a device.

| inputlookup incidents.csv 
| search Custody="Stacy Sheridan" 
| stats values(ID) AS ID, values(Device) AS Device, values(Description) AS Description, BY Priority

index="police_devices" sourcetype="csv" Device="Body Cam" 
| eval Body_Cam_Status="Off" 
| stats values("Body_Cam_Status")

clipboard_ea4b43272bb7944f2eec578b3c6475300.png

With the Splunk platform you can not only monitor equipment while your officers are on the job, but you can be proactive. For example, you can create a dashboard to monitor storage capacity of body cameras to make sure officers are going out with devices that have enough capacity for their shift.

index="police_devices" source=*police_devices.csv 
| timechart span=60m values(Total) BY Device

| inputlookup storage_capacity.csv 
| table "Total Usable" 
| tail 1

clipboard_ed0a1d9e4213436ed49c48cf16090edb1.png

Next steps

Finally, you might be interested in other processes associated with the building a data-driven law enforcement strategy use case.

Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.com if you require assistance.