Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I pass value of a specific field as a token to next search with drilldown?

varad_joshi
Communicator
‎03-27-2017 12:46 PM

I want to pass the Country name when I click on my map. Country is one of the fields in the data. Say if I click on Keyna, I want Kenya to be passed as a token on the next search.

Here is what I am doing -

I have an inputlookup file where I have the list of countries and the coordinates.
Then on my index, I have the list of few countries. Running a join on lookup file and the indexed data.

Here is my search:

|inputlookup Countries.csv | join type=inner [search index=crm] | geostats latfield=latitude longfield=longitude binspanlat=1 binspanlong=1 count

This gets me the Blue dots on the map based on the indexed data. However I am not able to run the count by command.

Also I would like if the Name of the country appears next to the dot on the map.

Later, I want to know how to pass a specific field's value when I click on the Country. I want to pass the country name to next search. I know how to pass a token, I need to know how to pass a value from a specific field.

SOS!!!

Tags (2)
0 Karma
Reply

niketn
Legend
‎03-27-2017 01:41 PM

You need to code row.<YourFieldName> not result.<YourFieldName>

Code the map's <drilldown> event to capture field value of the clicked marker using row.<YourFieldName>

Refer to Splunk documentation: http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map_.28event_t...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

aholzel
Communicator
‎03-27-2017 01:19 PM

In thought it was something like $click.$ so in this case $click.Country$

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...