Custom Cluster Map Drilldown By Lat / Long Bounds

anholzer · ‎05-21-2019

I am currently working on creating a drill down search from a custom cluster map. I want a set of data associated between the Latitude & Longitudinal values depending on the zoom of the map & user click. I can get my xml subquery to work when I bound the upper limit of Latitude and Longitude, but if I try to bound by both the upper and lower limits, the page that appears has the about:blank webpage. The xml code for my drilldown is below. Can anyone help on how to limit these values and have the search window appear & work (note the below code works, just does not limit on all sides like required). Or is there a different approach that I may not know of?

     <drilldown>
      <link target="_blank">
        <![CDATA[
          search?q=index=my_index sourcetype="my_source"

          | eval PresentedCapacity_TB=(PresentedCapacity/1024)
          | dedup Array HOST
          | table Lat Long DataCenter Array HOST PresentedCapacity_TB
          | search (Lat>=$click.bounds.south$ ) AND (Long>=$click.bounds.west$ )
          &earliest=-24h@h&latest=now
          ]]>
      </link>
    </drilldown>

Custom Cluster Map Drilldown By Lat / Long Bounds

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?