
How can I get the latitude and longitude range when I click on map markers and use those values for a drilldown to a panel in the same dashboard?

Javip
Path Finder

Hi all this is my first question here since I'm Splunking...
I hope I can explain my problem...

I'm trying to use this App with Splunk 6.4 and it's running ok, but I need a drilldown using the values of the map to filter the results that we show in a table in the same dashboard. I'm testing the next, where I can create several tokens with latitude and longitude when we click on values in the map:

<panel depends="$panel_show1$">
  <title>Mapa</title>
  <viz type="viz_clustermap.clustermap">
    <search>
      <query>XXXXX</query>
      <earliest>$tiempo.earliest$</earliest>
      <latest>$tiempo.latest$</latest>
    </search>
    <option name="viz_clustermap.clustermap.lat">25.799891182088334</option>
    <option name="viz_clustermap.clustermap.lng">-0.52734375</option>
    <option name="viz_clustermap.clustermap.markerColor1">#65a637</option>
    <option name="viz_clustermap.clustermap.markerColor2">#ffbf00</option>
    <option name="viz_clustermap.clustermap.markerColor3">#ff0000</option>
    <option name="viz_clustermap.clustermap.markerColor4">#ff00ed</option>
    <option name="viz_clustermap.clustermap.maxClusters">120</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_0">0.[0]</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_1000">1.1a</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_10000">1a</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_1000000">1.1a</option>
    <option name="viz_clustermap.clustermap.tiles">light</option>
    <option name="viz_clustermap.clustermap.zoom">2</option>
    <option name="viz_clustermap.clustermap.size">50</option>
    <option name="height">600</option>
    <drilldown>
      <set token="my_latitude">$row.latitude$</set>
      <set token="form.my_latitude">$row.latitude$</set>
      <set token="my_longitude">$row.longitude$</set>
      <set token="form.my_longitude">$row.longitude$</set>
    </drilldown>
  </viz>
</panel>

It's ok, but these tokens that we create only get the values of latitude and longitude for this value or summary that we have in the map, but we need a range to use them as a filter to show that info in a table panel:

<panel depends="$panel_show1$">
  <title>Listado de Ataques</title>
  <table id="detail">
    <search base="bbase2">
      <query>eval IPs=destino+";"+origen | makemv delim=";" IPs | mvexpand IPs | iplocation IPs | search lat=$my_latitude$ lon=$my_longitude$ | table RequestID, Site, t_creado, t_resuelto, notificado, t_vida, tipo, categoria, subcategoria, dispositivo, fuente, IPs, prioridad, estado, lat, lon, City, Country | sort - RequestID | eval t_vida=tostring(t_vida, "duration")</query>
    </search>
    <option name="wrap">undefined</option>
    <option name="rowNumbers">false</option>
    <option name="drilldown">none</option>
    <option name="dataOverlayMode">none</option>
    <option name="count">11</option>
  </table>
</panel>

What do you think? How can we get that range to filter the info of the table panel according to the selected info in the map?

Thanks a lot in advance!!

1 Solution

ziegfried
Influencer

The click on the map will also expose a set of tokens denoting the bounds of the cluster:

  • $click.bounds.south$
  • $click.bounds.east$
  • $click.bounds.north$
  • $click.bounds.west$

Here's an example on how to enable what you're after:

<dashboard>
  <label>Cluster Map Drilldown Demo</label>
  <row>
    <panel>
      <viz type="viz_clustermap.clustermap">
        <search>
          <query>index=earthquakes | geostats latfield=latitude longfield=longitude max(mag) maxzoomlevel=18</query>
          <earliest></earliest>
          <latest></latest>
        </search>
        <drilldown>
          <set token="map.click.south">$click.bounds.south$</set>
          <set token="map.click.east">$click.bounds.east$</set>
          <set token="map.click.north">$click.bounds.north$</set>
          <set token="map.click.west">$click.bounds.west$</set>
        </drilldown>
      </viz>
    </panel>
    <panel>
      <table>
        <search>
          <query><![CDATA[index=earthquakes latitude>=$map.click.south$ latitude<$map.click.north$ longitude>=$map.click.west$ longitude<$map.click.east$ | table _time place mag depth]]></query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>
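
Applied to the dashboard in the question, as an added example that is not part of either post: the map's drilldown stores the four `$click.bounds.*$` tokens, and the table's post-process search filters the `lat`/`lon` fields produced by `iplocation` against them. The `map.click.*` token names are reused from the answer, the extra `depends` token on the table panel is an assumption to keep it hidden until a cluster is clicked, and the map's display options are left out.

```xml
<row>
  <panel depends="$panel_show1$">
    <title>Mapa</title>
    <viz type="viz_clustermap.clustermap">
      <search>
        <!-- XXXXX is the placeholder query from the question -->
        <query>XXXXX</query>
        <earliest>$tiempo.earliest$</earliest>
        <latest>$tiempo.latest$</latest>
      </search>
      <!-- display options from the question omitted here -->
      <drilldown>
        <!-- bounds of the clicked cluster rather than a single point -->
        <set token="map.click.south">$click.bounds.south$</set>
        <set token="map.click.east">$click.bounds.east$</set>
        <set token="map.click.north">$click.bounds.north$</set>
        <set token="map.click.west">$click.bounds.west$</set>
      </drilldown>
    </viz>
  </panel>
  <!-- assumption: also depend on a bounds token so the table stays hidden until a click -->
  <panel depends="$panel_show1$,$map.click.south$">
    <title>Listado de Ataques</title>
    <table id="detail">
      <search base="bbase2">
        <!-- CDATA is needed because the range comparisons contain "<" -->
        <query><![CDATA[eval IPs=destino+";"+origen | makemv delim=";" IPs | mvexpand IPs | iplocation IPs | search lat>=$map.click.south$ lat<$map.click.north$ lon>=$map.click.west$ lon<$map.click.east$ | table RequestID, Site, t_creado, t_resuelto, notificado, t_vida, tipo, categoria, subcategoria, dispositivo, fuente, IPs, prioridad, estado, lat, lon, City, Country | sort - RequestID | eval t_vida=tostring(t_vida, "duration")]]></query>
      </search>
      <option name="rowNumbers">false</option>
      <option name="drilldown">none</option>
      <option name="count">11</option>
    </table>
  </panel>
</row>
```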


Javip
Path Finder

Your answer is perfect for me and based on it I've solved this little integration problem.

Thanks a lot!!

0 Karma