Good Afternoon,
i am working with geostats command using filter "by", i want to execute a drilldown, i have two pie charts with different coordinates, each pie chart is determined by the filter (geostats lat lon count by option). The map with geostats is a chart table originally and each option is a title. When i want to choose an option clicking value, the drilldown always chooses the first option of the table, never allows to choose other option, although that did click in other option.
I need to choose yellow one, but if i click on this option, it always selects the green one
@evinasco, If you create the drilldown based on $click.name$
and $click.value$
in map with multiple splits for same location, it will fetch only the first split field value ( refer to Splunk documentation on map drilldown tokens)
This is a limitation of map drilldown, so you would need to report an enhancement to Map visualization drilldown if you have valid Splunk entitlement.
Meanwhile, please refer to one of the workaround for drilldown using JavaScript in Cluster Map with multiple splits
that I had provided a little while back. Since field names can not be extracted from the Map chart element (HTML DOM), I had created a color based drilldown where charting.fieldColors
was used to color specific split fields. If you have handful of split fields you can extend the concept explained in the answer which actually caters to only two fields:
https://answers.splunk.com/answers/613088/how-to-redirect-to-two-urls-from-a-cluster-map.html
@evinasco, If you create the drilldown based on $click.name$
and $click.value$
in map with multiple splits for same location, it will fetch only the first split field value ( refer to Splunk documentation on map drilldown tokens)
This is a limitation of map drilldown, so you would need to report an enhancement to Map visualization drilldown if you have valid Splunk entitlement.
Meanwhile, please refer to one of the workaround for drilldown using JavaScript in Cluster Map with multiple splits
that I had provided a little while back. Since field names can not be extracted from the Map chart element (HTML DOM), I had created a color based drilldown where charting.fieldColors
was used to color specific split fields. If you have handful of split fields you can extend the concept explained in the answer which actually caters to only two fields:
https://answers.splunk.com/answers/613088/how-to-redirect-to-two-urls-from-a-cluster-map.html
hi i was looking out your post link and i have handful of split fields where i do not know which one could be, today can be ones and tomorrow others, then i can not specifically refer to some fields.
When you say "if you have Splunk Entitlement, you should request an enhancement to Clustered Map Visualization", what do you mean by that? or how can i requets that?
regards
If you have opted for Splunk Support along with Splunk Enterprise License you should have a entitlement # through which you can request an enhancement.
While the above approach does not need Fields to be in same sequence, it does however, require all the fields to be present. So dummy 0 count for missing fields would need to be added. Possibly by appendcols command or even before (directly in stats command) iplocation/geostats are used to fill in location details and geo coordinates.
Hi
thanks for your help,
what specifically i should say to Splunk Support, is the entitlement # like a support case number?, should I say that I requiere an enhancement for Cluster Map Visualization like a new version of Cluster Map Visualization APP?
Regards
Entitlement allows you to open support cases. If you have done that in the past. Report to them the issue that you are facing with the limitation of Cluster Map visualization in Splunk. Refer them to this question on Splunk Answers for details. Let them reach out to you with whether there is a workaround or not. If not still they will inform you whether Splunk team will proceed with enhancement or not.
Once you get either a workaround or an enhancement ticket number, you can update the same here for reference and when your issue is resolved accept the same as answer.
Hi
I decided to use Clustering Single Map while, I request an enhancement request to Splunk, I want to thnak you for your help.
@evinasco, Once you have Request Number you can update the same here for future reference and updates. All the best 🙂
@evinasco, how many splits can you have through the by clause
in geostats? Would it be just 2 for example TMK1
as one of the two values? Can the two options be displayed as Single Pie with two Slices? Is the Zoom on map fixed or users can zoom out/zoom in?
Would it be possible for you to share the code you are using?
@niketnilay thanks for you comment, in this moment i have two splits with different coordinates, but i could have several splits in differents coordinates or in the same coordinates, with respect to zoom, the users can do that with double click over the zone or with zoom out and zoom in.
code
<panel>
<map>
<search>
<query>index=example sourcetype=sexample
| lookup devices Nodo AS Nodo OUTPUTNEW Latitud Longitud
| rename Latitud as latitud, Longitud as longitud
| rex field=Description mode=sed "s/^[down down |*down down |up up ]//g"
| eval Description=if((isnull(Description) OR Description=""),"LIBRE -- libre",Description)
| eval Estado=case((like(PortState,"%UP%") AND like(Description,"%LIBRE%")),"Libre",
(PortState="down" OR PortState="Down"),"Libre",1==1,"Ocupado")
| stats count(puerto) as Total count(eval(Estado="Libre")) as Libres
count(eval(Estado="Ocupado")) as Ocupados values(latitud) as latitud values(longitud) as
longitud by Nodo
| eval ocupacion=round(((Ocupados*100)/Total),0)
| geostats latfield=latitud longfield=longitud values(ocupacion) as count by Nodo
<earliest>0</earliest>
<latest></latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">all</option>
<option name="mapping.data.maxClusters">100</option>
<option name="mapping.fieldColors">{"error":0xFF0000,"warn":0xFFFF00,"info":0x00FF00}</option>
<option name="mapping.map.center">(-23.59484,-46.68712)</option>
<option name="mapping.map.zoom">3</option>
<option name="mapping.markerLayer.markerMaxSize">31</option>
<option name="mapping.markerLayer.markerMinSize">30</option>
<option name="mapping.seriesColors">[0x6dc066,0xffd700,0xe60026]</option>
<option name="mapping.tileLayer.maxZoom">19</option>
<option name="mapping.tileLayer.url">http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png</option>
<option name="mapping.type">marker</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<drilldown>
<set token="Nodo">$click.name$</set>
</drilldown>
</map>
</panel>