How To Pass Country Value From a Cluster Map using Drilldown

How To Pass Country Value From a Cluster Map using Drilldown

Hi guys!!

Today we will show you a new and interesting thing which you had not seen before.

We all know that in Drilldown option we can pass values between two or more panels using tokens.  Also it allows to pass values between two different dashboards. In case of Cluster map creating drilldown is little bit tricky.

Today we will show you how to pass Country values from a Cluster Map using drilldown.

Step 1:

We have created a sample dashboard.

Make a dashboard with cluster map visualization, then create  another panel in same dashboard with table format. The query for PANEL1 and PANEL2 are given below.

 PANEL1:

index=_internal sourcetype="splunkd_ui_access" 
|iplocation clientip
| geostats count by Country

PANEL2:

index=_internal sourcetype="splunkd_ui_access"  
| iplocation clientip prefix=client
| table client*

 

Step 2:

Now you can see  Edit option on the top right side of the dashboard . Click on Edit.

Step 3:

Now you can see Source option on the top left side of the dashboard. Click on Source.

Step 4:

Now edit the source code of dashboard as follows.

<option name=”drilldown”>all</option>

        <drilldown>
         <set token="map.click.south">$click.bounds.south$</set>
         <set token="map.click.east">$click.bounds.east$</set>
         <set token="map.click.north">$click.bounds.north$</set>
         <set token="map.click.west">$click.bounds.west$</set>
       </drilldown>

First of all set all in drilldown option . Then add the drilldown tag in your source code. Then carefully see the tokens which have been given above.

click.bounds.south  is the token which tell us the value of south coordinate, where we clicked in the map. In same  click.bounds.east,  click.bounds.north,  click.bounds.west tell us the value of east,north,west respectively.

So, we can easily find the latitude and longitude values.

Then click Save button and Refresh(ctrl+r) the page.

NOTE: In the options <option name=”charting.drilldown”>all</option> is set as all. Otherwise your drilldown will be not working. 

Step 5: 

You have to pass the token inside the query of  second panel to get the data depending upon the token value.

At that time, we will click in Edit button and will go in PANEL2. Then click in Edit search Option and add a line in Query portion. The line is given below.

| search clientlat >= $map.click.south$ clientlat <= $map.click.north$ clientlon >= $map.click.west$ clientlon <= $map.click.east$

Then click on the Apply button and then click in Save button.

Now in the dashboard PANEL2 is depends upon token values of PANEL1. When you click any portion in the cluster map then for that particular Country you will get the output in below panel. For more information about geostats command and iplocation command you can visit Usage of Splunk commands : GEOSTATS and Usage of Splunk commands  : IPLOCATION

Hope this has helped you in achieving the below requirement without fail !!

How To Pass Country Value From a Cluster Map using Drilldown

 

Happy Splunking !!

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.