Hello everyone,
I am still relatively new to Splunk. I would like to add an additionalTooltipField to my maps visualization, so that when you hover over a marker point, more data details about the marker appear.
I have formulated the following query:
source="NeueIP.csv" host="IP" sourcetype="csv"
| rename Breitengrad as latitude, L__ngengrad as longitude, Stadt as Stadt, Kurzbeschreibung as Beschreibung
| eval CPU_Auslastung = replace(CPU_Auslastung, "%","")
| eval CPU_Auslastung = tonumber(CPU_Auslastung)
| eval CPU_Color = case(
CPU_Auslastung > 80.0, "#de1d20",
CPU_Auslastung > 50.0, "#54afda",
true(), "#4ade1d"
)
| table Stadt, latitude, longitude, Kurzbeschreibung, Langbeschreibung, CPU_Auslastung, CPU_Color
| eval _time = now()
And I tried to adjust some things in the source code so that the additionalTooltipField appears. Last of all:
"visualizations": {
"viz_map_1": {
"type": "splunk.map",
"options": {
"center": [
50.35,
17.36
],
"zoom": 4,
"layers": [
{
"type": "marker",
"latitude": "> primary | seriesByName('latitude')",
"longitude": "> primary | seriesByName('longitude')",
"dataColors": ">primary | seriesByName(\"CPU_Auslastung\") | rangeValue(config)",
"additionalTooltipFields": ">primary | seriesByName(\"Stadt\")",
"markerOptions": {
"additionalTooltipFields": [
"Stadt",
"Kurzbeschreibung"
]
},
"hoverMarkerPanel": {
"enabled": true,
"fields": [
"Stadt",
"Kurzbeschreibung"
]
}
}
]
},
My sample data is as follows:
Stadt, Breitengrad, Längengrad, Kurzbeschreibung, Langbeschreibung, CPU_Auslastung |
Berlin, 52.52, 13.405, BE, Hauptstadt Deutschlands, 45% |
London, 51.5074, -0.1278, LDN, Hauptstadt des Vereinigten Königreichs, 65% |
Paris, 48.8566, 2.3522, PAR, Hauptstadt Frankreichs, 78% |
Is my plan possible?
Thanks for your help in advance!!
