- Community
- :
- Splunk Answers
- :
- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Apply filters to a Google Map module (Advanced XML...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Apply filters to a Google Map module (Advanced XML Dashboard)
So I am having a difficult time getting the filters that I've used for my dashboard results to also filter on the search that my Google Map is running. If I insert the same search text, I get an error and no ip graphing occurs. See example code below. This will run and give me a realtime updating map for all of my results. But if I try to insert the filter '| search Asset="$Asset$"' into the search used for the Google Map, I get no results and error flashes.
<module name="SearchSelectLister">
<param name="settingToCreate">Asset</param>
<param name="label">Asset</param>
<param name="staticFieldsToDisplay">
<list>
<param name="label">All</param>
<param name="value">*</param>
</list>
</param>
<param name="applyOuterIntentionsToInternalSearch">True</param>
<param name="selected">*</param>
<param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True Field1="ValueA"
| rename Field2 as Asset | fields Asset | dedup Asset | sort Asset</param>
<param name="earliest">-5m</param>
<param name="searchFieldsToDisplay">
<list>
<param name="label">Asset</param>
<param name="value">Asset</param>
</list>
</param>
<module name="ConvertToIntention">
<param name="settingToConvert">Asset</param>
<param name="intention">
<param name="name">stringreplace</param>
<param name="arg">
<param name="Asset">
<param name="value">$target$</param>
</param>
</param>
</param>
<module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="True">
<param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True Field1="ValueA"
| rename Field2 as Asset
| stats count by _time, Field3, Asset, Field4, Field5, Field6, Field7, ip
| search Asset="$Asset$" </param>
<module name="HiddenSearch" layoutPanel="panel_row1_col2" autoRun="true">
<param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True ip=* Field1="ValueA"
| stats count by ip | geoip ip </param>
<param name="earliest">rt-5m</param>
<param name="latest">rt-5s</param>
<module name="GoogleMaps">
<param name="center">39.027719,-96.429749</param>
<param name="height">380px</param>
<param name="mapType">roadmap</param>
<param name="scrollwheel">off</param>
</module>
</module>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try using SideView Module "Search" instead of HiddenSearch
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How would I do this? I am unfamiliar with SideView
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to clarify the above runs and I get mapped results. If I use the drop down and filter my events, my dashboard contents get filtered correctly but my map stays reporting the same search.
If I put in the "filter language" of
| search Asset="$Asset$"
into my map search, I get zero results on my map.
How can I add filters or get the SearchSelectLister module to work with Google Maps module?
There's No Place Like Chrome and the Splunk Platform
The Great Resilience Quest: 5th Leaderboard Update
Devesh Logendran, Splunk, and the Singapore Cyber Conquest
