Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I pass value of a specific field as a token to next search with drilldown?

varad_joshi
Communicator
‎03-27-2017 12:46 PM

I want to pass the Country name when I click on my map. Country is one of the fields in the data. Say if I click on Keyna, I want Kenya to be passed as a token on the next search.

Here is what I am doing -

I have an inputlookup file where I have the list of countries and the coordinates.
Then on my index, I have the list of few countries. Running a join on lookup file and the indexed data.

Here is my search:

|inputlookup Countries.csv | join type=inner [search index=crm] | geostats latfield=latitude longfield=longitude binspanlat=1 binspanlong=1 count

This gets me the Blue dots on the map based on the indexed data. However I am not able to run the count by command.

Also I would like if the Name of the country appears next to the dot on the map.

Later, I want to know how to pass a specific field's value when I click on the Country. I want to pass the country name to next search. I know how to pass a token, I need to know how to pass a value from a specific field.

SOS!!!

Tags (2)
0 Karma
Reply

niketn
Legend
‎03-27-2017 01:41 PM

You need to code row.<YourFieldName> not result.<YourFieldName>

Code the map's <drilldown> event to capture field value of the clicked marker using row.<YourFieldName>

Refer to Splunk documentation: http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map_.28event_t...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

aholzel
Communicator
‎03-27-2017 01:19 PM

In thought it was something like $click.$ so in this case $click.Country$

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...