Splunk Search

If I have a search that produces a top 10 list over the last 24 hours, how do I highlight new entries in the list?

pinVie
Path Finder

Hello all,

I have a search that just produced the Top 10 clients regarding outgoing network traffic over the last 24 hours. What I'd like to do is to highlight the newest entries (e.g., write it in red) in this list or the ones that joined the list in the last 10 minutes.

I thought about creating two searches - both are the same, but one uses data from 10 minutes ago. These searches are no problem, but I don't know how to merge the results and highlight the differences.

Can anybody help me with this?

Thx a lot!


somesoni2
SplunkTrust

You can download the Splunk 6.x Dashboard example app and see the Table example, specifically the "Table Row Highlighting" dashboard. There you can color a row based on a custom condition on the value of a field.

Now in your search, you can add a column with some high value for the rows which were added in the last 10 minutes and highlight them using the example above.

https://splunkbase.splunk.com/app/1603/
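
One way to build the flag column described in the answer above, as an added example that is not part of the original thread: a single search covering the last 24 hours plus 10 minutes ranks each client in the current window and in the same window ending 10 minutes ago, then sets `is_new=1` for clients in the current top 10 that were not in the earlier top 10. The `<your_index>` placeholder and the field names `src_ip` and `bytes_out` are assumptions; substitute whatever your traffic data uses.

```spl
index=<your_index> earliest=-1450m latest=now
| eval cur_bytes=if(_time >= relative_time(now(), "-24h"), bytes_out, 0)
| eval prev_bytes=if(_time < relative_time(now(), "-10m"), bytes_out, 0)
| stats sum(cur_bytes) as cur_bytes sum(prev_bytes) as prev_bytes by src_ip
| sort 0 -prev_bytes
| streamstats count as prev_rank
| sort 0 -cur_bytes
| streamstats count as cur_rank
| where cur_rank <= 10
| eval is_new=if(prev_rank > 10 OR prev_bytes == 0, 1, 0)
| table cur_rank src_ip cur_bytes prev_rank is_new
```

The row-highlighting condition in the dashboard can then key on `is_new`, and `prev_rank` shows how far a client climbed to enter the list.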
