All Apps and Add-ons

How can I get the latitude and longitude range when I click on map markers and use those values for a drilldown to a panel in the same dashboard?

Javip
Path Finder

Hi all this is my first question here since I'm Splunking...
I hope I can explain my problem...

I'm trying to use this App with Splunk 6.4 and it's running ok, but I need a drilldown using the values of the map to filter the results that we show in a table in the same dashboard. I'm testing the next, where I can create several tokens with latitude and longitude when we click on values in the map:

<panel depends="$panel_show1$">
  <title>Mapa</title>
  <viz type="viz_clustermap.clustermap">
    <search>
      <query>XXXXX</query>
      <earliest>$tiempo.earliest$</earliest>
      <latest>$tiempo.latest$</latest>
    </search>
    <option name="viz_clustermap.clustermap.lat">25.799891182088334</option>
    <option name="viz_clustermap.clustermap.lng">-0.52734375</option>
    <option name="viz_clustermap.clustermap.markerColor1">#65a637</option>
    <option name="viz_clustermap.clustermap.markerColor2">#ffbf00</option>
    <option name="viz_clustermap.clustermap.markerColor3">#ff0000</option>
    <option name="viz_clustermap.clustermap.markerColor4">#ff00ed</option>
    <option name="viz_clustermap.clustermap.maxClusters">120</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_0">0.[0]</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_1000">1.1a</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_10000">1a</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_1000000">1.1a</option>
    <option name="viz_clustermap.clustermap.tiles">light</option>
    <option name="viz_clustermap.clustermap.zoom">2</option>
    <option name="viz_clustermap.clustermap.size">50</option>
    <option name="height">600</option>
        **<drilldown>
            <set token="my_latitude">$row.latitude$</set>
            <set token="form.my_latitude">$row.latitude$</set>
            <set token="my_longitude">$row.longitude$</set>
            <set token="form.my_longitude">$row.longitude$</set>
        </drilldown>** 
  </viz>
</panel>

It's ok, but these tokens that we create only get values of latitude an longitude for this value or summary that we have in the map, but we need a range to use them as a filter to show that info in a table panel:

 <panel depends="$panel_show1$">
  <title>Listado de Ataques</title>
  <table id="detail">
    <search base="bbase2">
      <query>eval IPs=destino+";"+origen | makemv delim=";" IPs | mvexpand IPs | iplocation IPs | search **lat=$my_latitude$ lon=$my_longitude$** | table RequestID, Site, t_creado, t_resuelto, notificado, t_vida, tipo, categoria, subcategoria, dispositivo, fuente, IPs, prioridad, estado, lat, lon, City, Country | sort - RequestID | eval t_vida=tostring(t_vida, "duration")</query>
    </search>
    <option name="wrap">undefined</option>
    <option name="rowNumbers">false</option>
    <option name="drilldown">none</option>
    <option name="dataOverlayMode">none</option>
    <option name="count">11</option>
  </table>
</panel>

What do you think? How can we get that range to filter the info of the table panel according to the selected info in the map?

Thanks a lot in advance!!

1 Solution

ziegfried
Influencer

The click on the map will also expose a set of tokens denoting the bounds of the cluster:

  • $click.bounds.south$
  • $click.bounds.east$
  • $click.bounds.north$
  • $click.bounds.west$

Here's an example on how to enable what you're after:

<dashboard>
  <label>Cluster Map Drilldown Demo</label>
  <row>
    <panel>
      <viz type="viz_clustermap.clustermap">
        <search>
          <query>index=earthquakes | geostats latfield=latitude longfield=longitude max(mag) maxzoomlevel=18</query>
          <earliest></earliest>
          <latest></latest>
        </search>
        <drilldown>
          <set token="map.click.south">$click.bounds.south$</set>
          <set token="map.click.east">$click.bounds.east$</set>
          <set token="map.click.north">$click.bounds.north$</set>
          <set token="map.click.west">$click.bounds.west$</set>
        </drilldown>
      </viz>
    </panel>
    <panel>
      <table>
        <search>
          <query><![CDATA[index=earthquakes latitude>=$map.click.south$ latitude<$map.click.north$ longitude>=$map.click.west$ longitude<$map.click.east$ | table _time place mag depth]]></query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>

View solution in original post

ziegfried
Influencer

The click on the map will also expose a set of tokens denoting the bounds of the cluster:

  • $click.bounds.south$
  • $click.bounds.east$
  • $click.bounds.north$
  • $click.bounds.west$

Here's an example on how to enable what you're after:

<dashboard>
  <label>Cluster Map Drilldown Demo</label>
  <row>
    <panel>
      <viz type="viz_clustermap.clustermap">
        <search>
          <query>index=earthquakes | geostats latfield=latitude longfield=longitude max(mag) maxzoomlevel=18</query>
          <earliest></earliest>
          <latest></latest>
        </search>
        <drilldown>
          <set token="map.click.south">$click.bounds.south$</set>
          <set token="map.click.east">$click.bounds.east$</set>
          <set token="map.click.north">$click.bounds.north$</set>
          <set token="map.click.west">$click.bounds.west$</set>
        </drilldown>
      </viz>
    </panel>
    <panel>
      <table>
        <search>
          <query><![CDATA[index=earthquakes latitude>=$map.click.south$ latitude<$map.click.north$ longitude>=$map.click.west$ longitude<$map.click.east$ | table _time place mag depth]]></query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>

Javip
Path Finder

Your answer is perfect for me and based on it I've solved this little integration problem.

Thanks a lot!!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...