Dashboards & Visualizations

AmMap Drilldown

Path Finder

I've been using the AmMap Example but I'd like to drilldown on a different field than 'ip'. I'm not sure where I can set this though.

Sometimes the field name is different than 'ip' so the drilldown would work better for me if it just searched the raw address instead

IE

instead of searching: ip=127.0.0.1

search just: 127.0.0.1

Great app BTW!

Tags (3)
0 Karma
1 Solution

Splunk Employee
Splunk Employee

Hi, You can simply set the iterator field to the field value you'd like to drill-down on. so instead of iterator=ip set it to iterator="someField" OR you can simply do iterator="" to have it just pass the value of the IP to the search.

View solution in original post

Splunk Employee
Splunk Employee

Hi, You can simply set the iterator field to the field value you'd like to drill-down on. so instead of iterator=ip set it to iterator="someField" OR you can simply do iterator="" to have it just pass the value of the IP to the search.

View solution in original post

Path Finder

Do you still need this? I can help you if you are willing to do some python programming (merely 1 or 2 lines of code)

Path Finder

Ok, lets see if I can guide you. Go to ...\Splunk\etc\apps\amMap\bin and open map_results.py . Serarch for "def format_threat_movies(geo_results):", inside that function check how the variable "url" gets its value. That's the search that will fire when you click on a ballon. You'll see there's a for sentence, inside that for replace this [ uniq_keys = uniq_keys + geo_results[key]["iterator"] + "%3D" + x + "%20OR%20" ] for this: [ uniq_keys = uniq_keys + x + "%20OR%20" ]

0 Karma

Path Finder

Yeah, that would be great. I'm completely comfortable writing the python, I think I'm just a little lost as to what part of the implementation needs to be tweaked.

0 Karma