Solved: Re: How can I get the latitude and longitude range...

Javip · ‎04-15-2016

Hi all this is my first question here since I'm Splunking...
I hope I can explain my problem...

I'm trying to use this App with Splunk 6.4 and it's running ok, but I need a drilldown using the values of the map to filter the results that we show in a table in the same dashboard. I'm testing the next, where I can create several tokens with latitude and longitude when we click on values in the map:

<panel depends="$panel_show1$">
  <title>Mapa</title>
  <viz type="viz_clustermap.clustermap">
    <search>
      <query>XXXXX</query>
      <earliest>$tiempo.earliest$</earliest>
      <latest>$tiempo.latest$</latest>
    </search>
    <option name="viz_clustermap.clustermap.lat">25.799891182088334</option>
    <option name="viz_clustermap.clustermap.lng">-0.52734375</option>
    <option name="viz_clustermap.clustermap.markerColor1">#65a637</option>
    <option name="viz_clustermap.clustermap.markerColor2">#ffbf00</option>
    <option name="viz_clustermap.clustermap.markerColor3">#ff0000</option>
    <option name="viz_clustermap.clustermap.markerColor4">#ff00ed</option>
    <option name="viz_clustermap.clustermap.maxClusters">120</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_0">0.[0]</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_1000">1.1a</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_10000">1a</option>
    <option name="viz_clustermap.clustermap.numberFormat_min_1000000">1.1a</option>
    <option name="viz_clustermap.clustermap.tiles">light</option>
    <option name="viz_clustermap.clustermap.zoom">2</option>
    <option name="viz_clustermap.clustermap.size">50</option>
    <option name="height">600</option>
        **<drilldown>
            <set token="my_latitude">$row.latitude$</set>
            <set token="form.my_latitude">$row.latitude$</set>
            <set token="my_longitude">$row.longitude$</set>
            <set token="form.my_longitude">$row.longitude$</set>
        </drilldown>** 
  </viz>
</panel>

It's ok, but these tokens that we create only get values of latitude an longitude for this value or summary that we have in the map, but we need a range to use them as a filter to show that info in a table panel:

 <panel depends="$panel_show1$">
  <title>Listado de Ataques</title>
  <table id="detail">
    <search base="bbase2">
      <query>eval IPs=destino+";"+origen | makemv delim=";" IPs | mvexpand IPs | iplocation IPs | search **lat=$my_latitude$ lon=$my_longitude$** | table RequestID, Site, t_creado, t_resuelto, notificado, t_vida, tipo, categoria, subcategoria, dispositivo, fuente, IPs, prioridad, estado, lat, lon, City, Country | sort - RequestID | eval t_vida=tostring(t_vida, "duration")</query>
    </search>
    <option name="wrap">undefined</option>
    <option name="rowNumbers">false</option>
    <option name="drilldown">none</option>
    <option name="dataOverlayMode">none</option>
    <option name="count">11</option>
  </table>
</panel>

What do you think? How can we get that range to filter the info of the table panel according to the selected info in the map?

Thanks a lot in advance!!

ziegfried · ‎04-15-2016

The click on the map will also expose a set of tokens denoting the bounds of the cluster:

$click.bounds.south$
$click.bounds.east$
$click.bounds.north$
$click.bounds.west$

Here's an example on how to enable what you're after:

<dashboard>
  <label>Cluster Map Drilldown Demo</label>
  <row>
    <panel>
      <viz type="viz_clustermap.clustermap">
        <search>
          <query>index=earthquakes | geostats latfield=latitude longfield=longitude max(mag) maxzoomlevel=18</query>
          <earliest></earliest>
          <latest></latest>
        </search>
        <drilldown>
          <set token="map.click.south">$click.bounds.south$</set>
          <set token="map.click.east">$click.bounds.east$</set>
          <set token="map.click.north">$click.bounds.north$</set>
          <set token="map.click.west">$click.bounds.west$</set>
        </drilldown>
      </viz>
    </panel>
    <panel>
      <table>
        <search>
          <query><![CDATA[index=earthquakes latitude>=$map.click.south$ latitude<$map.click.north$ longitude>=$map.click.west$ longitude<$map.click.east$ | table _time place mag depth]]></query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>

View solution in original post

ziegfried · ‎04-15-2016

The click on the map will also expose a set of tokens denoting the bounds of the cluster:

$click.bounds.south$
$click.bounds.east$
$click.bounds.north$
$click.bounds.west$

Here's an example on how to enable what you're after:

<dashboard>
  <label>Cluster Map Drilldown Demo</label>
  <row>
    <panel>
      <viz type="viz_clustermap.clustermap">
        <search>
          <query>index=earthquakes | geostats latfield=latitude longfield=longitude max(mag) maxzoomlevel=18</query>
          <earliest></earliest>
          <latest></latest>
        </search>
        <drilldown>
          <set token="map.click.south">$click.bounds.south$</set>
          <set token="map.click.east">$click.bounds.east$</set>
          <set token="map.click.north">$click.bounds.north$</set>
          <set token="map.click.west">$click.bounds.west$</set>
        </drilldown>
      </viz>
    </panel>
    <panel>
      <table>
        <search>
          <query><![CDATA[index=earthquakes latitude>=$map.click.south$ latitude<$map.click.north$ longitude>=$map.click.west$ longitude<$map.click.east$ | table _time place mag depth]]></query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>

Javip · ‎04-18-2016

Your answer is perfect for me and based on it I've solved this little integration problem.

Thanks a lot!!

How can I get the latitude and longitude range when I click on map markers and use those values for a drilldown to a panel in the same dashboard?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio