Hi all this is my first question here since I'm Splunking...
I hope I can explain my problem...
I'm trying to use this App with Splunk 6.4 and it's running ok, but I need a drilldown using the values of the map to filter the results that we show in a table in the same dashboard. I'm testing the next, where I can create several tokens with latitude and longitude when we click on values in the map:
<panel depends="$panel_show1$">
<title>Mapa</title>
<viz type="viz_clustermap.clustermap">
<search>
<query>XXXXX</query>
<earliest>$tiempo.earliest$</earliest>
<latest>$tiempo.latest$</latest>
</search>
<option name="viz_clustermap.clustermap.lat">25.799891182088334</option>
<option name="viz_clustermap.clustermap.lng">-0.52734375</option>
<option name="viz_clustermap.clustermap.markerColor1">#65a637</option>
<option name="viz_clustermap.clustermap.markerColor2">#ffbf00</option>
<option name="viz_clustermap.clustermap.markerColor3">#ff0000</option>
<option name="viz_clustermap.clustermap.markerColor4">#ff00ed</option>
<option name="viz_clustermap.clustermap.maxClusters">120</option>
<option name="viz_clustermap.clustermap.numberFormat_min_0">0.[0]</option>
<option name="viz_clustermap.clustermap.numberFormat_min_1000">1.1a</option>
<option name="viz_clustermap.clustermap.numberFormat_min_10000">1a</option>
<option name="viz_clustermap.clustermap.numberFormat_min_1000000">1.1a</option>
<option name="viz_clustermap.clustermap.tiles">light</option>
<option name="viz_clustermap.clustermap.zoom">2</option>
<option name="viz_clustermap.clustermap.size">50</option>
<option name="height">600</option>
**<drilldown>
<set token="my_latitude">$row.latitude$</set>
<set token="form.my_latitude">$row.latitude$</set>
<set token="my_longitude">$row.longitude$</set>
<set token="form.my_longitude">$row.longitude$</set>
</drilldown>**
</viz>
</panel>
It's ok, but these tokens that we create only get values of latitude an longitude for this value or summary that we have in the map, but we need a range to use them as a filter to show that info in a table panel:
<panel depends="$panel_show1$">
<title>Listado de Ataques</title>
<table id="detail">
<search base="bbase2">
<query>eval IPs=destino+";"+origen | makemv delim=";" IPs | mvexpand IPs | iplocation IPs | search **lat=$my_latitude$ lon=$my_longitude$** | table RequestID, Site, t_creado, t_resuelto, notificado, t_vida, tipo, categoria, subcategoria, dispositivo, fuente, IPs, prioridad, estado, lat, lon, City, Country | sort - RequestID | eval t_vida=tostring(t_vida, "duration")</query>
</search>
<option name="wrap">undefined</option>
<option name="rowNumbers">false</option>
<option name="drilldown">none</option>
<option name="dataOverlayMode">none</option>
<option name="count">11</option>
</table>
</panel>
What do you think? How can we get that range to filter the info of the table panel according to the selected info in the map?
Thanks a lot in advance!!
The click on the map will also expose a set of tokens denoting the bounds of the cluster:
$click.bounds.south$
$click.bounds.east$
$click.bounds.north$
$click.bounds.west$
Here's an example on how to enable what you're after:
<dashboard>
<label>Cluster Map Drilldown Demo</label>
<row>
<panel>
<viz type="viz_clustermap.clustermap">
<search>
<query>index=earthquakes | geostats latfield=latitude longfield=longitude max(mag) maxzoomlevel=18</query>
<earliest></earliest>
<latest></latest>
</search>
<drilldown>
<set token="map.click.south">$click.bounds.south$</set>
<set token="map.click.east">$click.bounds.east$</set>
<set token="map.click.north">$click.bounds.north$</set>
<set token="map.click.west">$click.bounds.west$</set>
</drilldown>
</viz>
</panel>
<panel>
<table>
<search>
<query><![CDATA[index=earthquakes latitude>=$map.click.south$ latitude<$map.click.north$ longitude>=$map.click.west$ longitude<$map.click.east$ | table _time place mag depth]]></query>
</search>
</table>
</panel>
</row>
</dashboard>
The click on the map will also expose a set of tokens denoting the bounds of the cluster:
$click.bounds.south$
$click.bounds.east$
$click.bounds.north$
$click.bounds.west$
Here's an example on how to enable what you're after:
<dashboard>
<label>Cluster Map Drilldown Demo</label>
<row>
<panel>
<viz type="viz_clustermap.clustermap">
<search>
<query>index=earthquakes | geostats latfield=latitude longfield=longitude max(mag) maxzoomlevel=18</query>
<earliest></earliest>
<latest></latest>
</search>
<drilldown>
<set token="map.click.south">$click.bounds.south$</set>
<set token="map.click.east">$click.bounds.east$</set>
<set token="map.click.north">$click.bounds.north$</set>
<set token="map.click.west">$click.bounds.west$</set>
</drilldown>
</viz>
</panel>
<panel>
<table>
<search>
<query><![CDATA[index=earthquakes latitude>=$map.click.south$ latitude<$map.click.north$ longitude>=$map.click.west$ longitude<$map.click.east$ | table _time place mag depth]]></query>
</search>
</table>
</panel>
</row>
</dashboard>
Your answer is perfect for me and based on it I've solved this little integration problem.
Thanks a lot!!