@niketn
There is one search which i use to display a map in my first dashboard.
it drilldowns to the new next dashboard based on the lat/lon,
base search in 1st map dashbaord:
......
.......| stats max("count(xx)") as sessions, max(upperBound) as X, max(lowerBound) as Y by NPANXX,LAT,LNG
| geostats max(sessions) as sessions, max(X) as X, max(Y) as Y latfield=LAT longfield=LNG outputlatfield=LAT outputlongfield=LNG globallimit=0 | eval High_No_Of_Calls = if(sessions > $HIGH$,sessions,0)
| eval Medium_No_Of_Calls = if((sessions > $Medium$ AND sessions < $HIGH$ ),sessions,0) | eval Normal_No_Of_Calls = if(sessions <= $Medium$,sessions,0)
| fields - sessions, X, Y
drilldown search 1:
.........
......| stats max("count(xx)") as sessions, max(upperBound) as X, max(lowerBound) as Y by NPANXX,LAT,LNG | eval High_No_Of_Calls = if(sessions > $HIGH$,sessions,0)
| eval Medium_No_Of_Calls = if((sessions > $Medium$ AND sessions < $HIGH$ ),sessions,0) | eval Normal_No_Of_Calls = if(sessions <=$Medium$,sessions,0) | fields - sessions, X, Y| where LAT>=$lattitude1$ AND LAT<$lattitude2$ AND LNG>=$longitude1$ AND LNG<$longitude2$|table NPANXX,High_No_Of_Calls,Medium_No_Of_Calls,Normal_No_Of_Calls|where (High_No_Of_Calls=$High$ AND Medium_No_Of_Calls=$Med$ AND Normal_No_Of_Calls=$Normal$) |head 1|eval High_No_Of_Calls=$High$|eval Medium_No_Of_Calls=$Med$|eval Normal_No_Of_Calls=$Normal$|table NPANXX,High_No_Of_Calls,Medium_No_Of_Calls,Normal_No_Of_Calls
drilldownsearch 2:
| eventstats max("count(xx)") as sessions, max(upperBound) as X, max(lowerBound) as Y by NPANXX,LAT,LNG | eval High_No_Of_Calls = if(sessions >$HIGH$,sessions,0)
| eval Medium_No_Of_Calls = if((sessions > $Medium$ AND sessions < $HIGH$ ),sessions,0) | eval Normal_No_Of_Calls = if(sessions <=$Medium$,sessions,0) | fields - sessions, X, Y| where LAT>=$lattitude1$ AND LAT<$lattitude2$ AND LNG>=$longitude1$ AND LNG<$longitude2$
|table _time,....|where (High_No_Of_Calls=$High$ AND Medium_No_Of_Calls=$Med$ AND Normal_No_Of_Calls=$Normal$) OR (Medium_No_Of_Calls=$Med$ AND Normal_No_Of_Calls=$Normal$)|sort - _time|eval m=max($High$,$Med$,$Normal$) | streamstats c | where c<=m|table ....
Trying to work on the performance issue.
Thanks
... View more