Can anyone advise on how to add the value of a TextField to a GoogleMaps search?
I have a GoogleMap module in a dashboard as below:
<module name="HiddenSearch" layoutPanel="panel_row3_col1" autoRun="true">
<param name="search"> index=cons-network-sec sourcetype=cons-syslog-fw src_honesty="bad" | dedup src| rename src AS clientip | table clientip | geoip clientip | lookup threatscore clientip</param>
<module name="GoogleMaps">
<param name="height">500px</param>
<param name="mapType">terrain</param>
<param name="center">39.810646,-98.556976</param>
<param name="scrollwheel">off</param>
</module>
</module>
The data is displayed correctly in the Google map. Now I need to add a TextField to filter the GoogleMaps data based on the value of the text field. Below is the modified code after adding the TextField (please ignore the number of tags, as I copied only a portion of the code):
<module name="TextField">
<param name="name">service</param>
<param name="float">left</param>
<param name="template">$value$</param>
<param name="label">service name:</param>
<module name="Search">
<param name="search">|stats count AS src | eval src="$src$" | eval src=replace(src, " ", "") | eval src=replace(src,",", " OR src=") | eval src=if(src=="","*","(src=".src.")") | rename src AS src_ip</param>
<module name="ResultsValueSetter">
<param name="fields">src_ip</param>
<module name="HiddenSearch" layoutPanel="panel_row3_col1" autoRun="true">
<param name="search"> index=cons-network-sec sourcetype=cons-syslog-fw $src_ip$ src_honesty="bad" | dedup src| rename src AS clientip | table clientip | geoip clientip | lookup threatscore clientip</param>
<module name="GoogleMaps">
<param name="height">500px</param>
<param name="mapType">terrain</param>
<param name="center">39.810646,-98.556976</param>
<param name="scrollwheel">off</param>
</module>
</module>
</module>
</module>
</module>
After adding $src_ip$ to the GoogleMaps search, the data can no longer be displayed in the Google map. The field works fine if I use it in a chart/table search in the dashboard.
Please help.
I have managed to solve this.
The attribute in the GoogleMaps search works when the 'Search' module is used instead of 'HiddenSearch'.
Replace the line below
<module name="HiddenSearch" layoutPanel="panel_row3_col1" autoRun="true">
with
<module name="Search" layoutPanel="panel_row3_col1" autoRun="true">
and the attribute in the GoogleMaps module will work properly.
Hi nazmy,
I advise you to use src=$src$ in your search instead of $src_ip$.
I propose this search:
index=cons-network-sec sourcetype=cons-syslog-fw src=$src$ src_honesty="bad" | dedup src| rename src AS clientip | table clientip | geoip clientip | lookup threatscore clientip