Hello Splunkers and mapping gurus,
I am building a cluster map which provide a sum of the amount of allocated vCPU and vMemory by Location:
<panel>
<title>Core and Memory Count by Location - Today</title>
<map>
<search>
<query>
index=summary_dev
| lookup location_v2 Location AS Location
| stats count by vCores, vMemoryGB, vm_name, Location, Latitude, Longitude
| dedup vm_name
| geostats latfield=Latitude longfield=Longitude globallimit=0 sum(vCores) AS "Cores", sum(vMemoryGB) AS "RAM" BY Location
</query>
<earliest>-24h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">all</option>
<option name="mapping.choroplethLayer.colorBins">5</option>
<option name="mapping.choroplethLayer.colorMode">auto</option>
<option name="mapping.choroplethLayer.maximumColor">0xDB5800</option>
<option name="mapping.choroplethLayer.minimumColor">0x2F25BA</option>
<option name="mapping.choroplethLayer.neutralPoint">0</option>
<option name="mapping.choroplethLayer.shapeOpacity">0.75</option>
<option name="mapping.choroplethLayer.showBorder">1</option>
<option name="mapping.data.maxClusters">10000</option>
<option name="mapping.legend.placement">bottomright</option>
<option name="mapping.map.center">(39.833333,-98.583333)</option>
<option name="mapping.map.panning">1</option>
<option name="mapping.map.scrollZoom">0</option>
<option name="mapping.map.zoom">4</option>
<option name="mapping.markerLayer.markerMaxSize">50</option>
<option name="mapping.markerLayer.markerMinSize">10</option>
<option name="mapping.markerLayer.markerOpacity">0.8</option>
<option name="mapping.showTiles">1</option>
<option name="mapping.tileLayer.maxZoom">9</option>
<option name="mapping.tileLayer.minZoom">0</option>
<option name="mapping.tileLayer.tileOpacity">1</option>
<option name="mapping.type">marker</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</map>
</panel>
It works a treat and gives me this map:
And here are the stats:
Underneath these I have a row of single values which I want to drill down based on the location that the user clicks. E.g. if they click on the cluster bubble in Az, it'll give me the results for AZ, if they click on LA, it'll change to LA.
Search:
<search id="SUMMARY_VMHOST_CPURAM_CAPACITY_KPI" ref="SUMMARY:VM+HOST:CPU+RAM:CAPACITY:KPI">
<earliest>-24h</earliest>
<latest>now</latest>
</search>
<search base="SUMMARY_VMHOST_CPURAM_CAPACITY_KPI">
<query>search Location="$location$"</query>
<progress>
<set token="mem_value">$result.MEM_Capacity$</set>
<set token="mem_range">$result.MEM_Capacity_Range$</set>
</progress>
</search>
<search base="SUMMARY_VMHOST_CPURAM_CAPACITY_KPI">
<query>search Location="$location$"</query>
<progress>
<set token="cpu_value">$result.CPU_Capacity$</set>
<set token="cpu_range">$result.CPU_Capacity_Range$</set>
</progress>
</search>
Panels:
<panel>
<title>$location$ Memory Capacity Used %</title>
<html>
<div class="custom-result-value $mem_range$">
$mem_value$
</div>
<a href="#" class="btn-pill" data-set-token="show_mem_chart" data-value="show">
Show Chart
</a>
</html>
</panel>
<panel>
<title>$location$ CPU Capacity Used %</title>
<html>
<div class="custom-result-value $cpu_range$">
$cpu_value$
</div>
<a href="#" class="btn-pill" data-set-token="show_cpu_chart" data-value="show">
Show Chart
</a>
</html>
</panel>
The problem is, I don't know how I can pass the token for the location to the panels. The Clustermap doesn't seem to have that option. How can I create a drilldown such that it will pass the token $location$ based on the field value?
Thanks!!
