Apply filters to a Google Map module (Advanced XML...

jluste · ‎11-21-2012

So I am having a difficult time getting the filters that I've used for my dashboard results to also filter on the search that my Google Map is running. If I insert the same search text, I get an error and no ip graphing occurs. See example code below. This will run and give me a realtime updating map for all of my results. But if I try to insert the filter '| search Asset="$Asset$"' into the search used for the Google Map, I get no results and error flashes.

 <module name="SearchSelectLister">
        <param name="settingToCreate">Asset</param>
        <param name="label">Asset</param>           
              <param name="staticFieldsToDisplay">
      <list>
    <param name="label">All</param>
    <param name="value">*</param>
      </list>
        </param>
        <param name="applyOuterIntentionsToInternalSearch">True</param>
             <param name="selected">*</param>
        <param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True Field1="ValueA"
| rename Field2 as Asset | fields Asset | dedup Asset | sort Asset</param>
        <param name="earliest">-5m</param>
          <param name="searchFieldsToDisplay">
            <list>
                <param name="label">Asset</param>
                <param name="value">Asset</param>
            </list>
        </param>
    <module name="ConvertToIntention">
          <param name="settingToConvert">Asset</param>
          <param name="intention">
            <param name="name">stringreplace</param>
            <param name="arg">
              <param name="Asset">
                <param name="value">$target$</param>
              </param>
            </param>
          </param>         

        <module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="True">
        <param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True Field1="ValueA"
    | rename Field2 as Asset 
| stats count by _time, Field3, Asset, Field4, Field5, Field6, Field7, ip
| search Asset="$Asset$" </param>

       <module name="HiddenSearch" layoutPanel="panel_row1_col2" autoRun="true">
         <param name="search">sourcetype=sourcetype source="/pathoflog/Events.log" tag=prod BoolField=True ip=* Field1="ValueA"
| stats count by ip |  geoip ip </param>
        <param name="earliest">rt-5m</param>
        <param name="latest">rt-5s</param>
         <module name="GoogleMaps">
           <param name="center">39.027719,-96.429749</param>
             <param name="height">380px</param>
             <param name="mapType">roadmap</param>
             <param name="scrollwheel">off</param>
         </module>
     </module>

stefano_guidoba · ‎03-06-2013

Try using SideView Module "Search" instead of HiddenSearch

jluste · ‎08-09-2013

How would I do this? I am unfamiliar with SideView

jluste · ‎12-05-2012

I want to clarify the above runs and I get mapped results. If I use the drop down and filter my events, my dashboard contents get filtered correctly but my map stays reporting the same search.

If I put in the "filter language" of
| search Asset="$Asset$"
into my map search, I get zero results on my map.

How can I add filters or get the SearchSelectLister module to work with Google Maps module?

Apply filters to a Google Map module (Advanced XML Dashboard)

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation