
AmMap realtime view is not showing the locations with respect to real time?

ranjyotiprakash
Communicator

In my custom Splunk app, which reads the logs generated by Barracuda Web Application Firewall, I have a dashboard which has an amMap flash map to show the location of the client_ip present in the logs. But the map is showing an incorrect location for the client_ip.

The app has two views, as in the amMap Splunk app: one shows the count of IPs for all time and the second shows the count of IPs for the last 1 hour in real time. But the realtime map is showing the same results on the map as the first map.

How can the realtime map be configured to show only the last 1 hour results on the map?

Thanks..


lloydd518
Path Finder

Have you made your searches write their output to two separate XML files?

eval output_file="flash_map1_data.xml" | eval app="amMap" | lookup geoip clientip as src_ip | mapit.....

eval output_file="flash_map2_data.xml" | eval app="amMap" | lookup geoip clientip as src_ip | mapit

And edit the HTML flash code to read from these two separate files?
