Apply filters to a Google Map module (Advanced XML Dashboard)

jluste
Path Finder

So I am having a difficult time getting the filters that I've used for my dashboard results to also filter on the search that my Google Map is running. If I insert the same search text, I get an error and no IP graphing occurs. See example code below. This will run and give me a realtime updating map for all of my results. But if I try to insert the filter '| search Asset="$Asset$"' into the search used for the Google Map, I get no results and an error flashes.

<module name="SearchSelectLister">
  <param name="settingToCreate">Asset</param>
  <param name="label">Asset</param>
  <param name="staticFieldsToDisplay">
    <list>
      <param name="label">All</param>
      <param name="value">*</param>
    </list>
  </param>
  <param name="applyOuterIntentionsToInternalSearch">True</param>
  <param name="selected">*</param>
  <param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True Field1="ValueA"
| rename Field2 as Asset | fields Asset | dedup Asset | sort Asset</param>
  <param name="earliest">-5m</param>
  <param name="searchFieldsToDisplay">
    <list>
      <param name="label">Asset</param>
      <param name="value">Asset</param>
    </list>
  </param>
  <module name="ConvertToIntention">
    <param name="settingToConvert">Asset</param>
    <param name="intention">
      <param name="name">stringreplace</param>
      <param name="arg">
        <param name="Asset">
          <param name="value">$target$</param>
        </param>
      </param>
    </param>

    <module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="True">
      <param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True Field1="ValueA"
| rename Field2 as Asset
| stats count by _time, Field3, Asset, Field4, Field5, Field6, Field7, ip
| search Asset="$Asset$" </param>

    <module name="HiddenSearch" layoutPanel="panel_row1_col2" autoRun="true">
      <param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True ip=* Field1="ValueA"
| stats count by ip |  geoip ip </param>
      <param name="earliest">rt-5m</param>
      <param name="latest">rt-5s</param>
      <module name="GoogleMaps">
        <param name="center">39.027719,-96.429749</param>
        <param name="height">380px</param>
        <param name="mapType">roadmap</param>
        <param name="scrollwheel">off</param>
      </module>
    </module>
0 Karma

stefano_guidoba
Communicator

Try using SideView Module "Search" instead of HiddenSearch

0 Karma

jluste
Path Finder

How would I do this? I am unfamiliar with SideView.

0 Karma

jluste
Path Finder

I want to clarify: the above runs and I get mapped results. If I use the drop-down and filter my events, my dashboard contents get filtered correctly, but my map stays reporting the same search.

If I put in the "filter language" of
| search Asset="$Asset$"
into my map search, I get zero results on my map.

How can I add filters or get the SearchSelectLister module to work with the Google Maps module?

0 Karma