Dashboards - Event Highlighting/Acknowledging

sendijsd
Engager

Greetings,

I am currently trying to implement a certain solution by sending logs from an analytics system over to Splunk for visualisation purposes. I have, however, currently hit a roadblock of sorts when trying to properly format and display critical events for usability purposes.
What I would like to know is whether there is a way to highlight newly received or specific events in a dashboard? This is critical from the user perspective because if the solution is horizontally scaled, there are going to be a lot of events populating the dashboards and missing a potential incident is not an option.
I have already created a dashboard and visually formatted it, with the current search string for the dashboard being: sourcetype=test host=xxxx string | fields _time, host, customfield | fields - _raw

The current structure of the dashboard is the following: Statistics table, Wrap results: false.

The ideal end result would be either highlighting certain events based on a specific string (for example "Persons" in the provided picture) or some sort of a solution where the user could "acknowledge" the events, marking them as "Seen" or any other similar solution.
I have read through a lot of the documentation already, but I haven't been able to find any solid information on the implementation of my desired result yet. Since I still consider myself to be rather new to Splunk, I was hoping that some of the more advanced users here would have a suggestion on how to proceed.

Thanks in advance!

0 Karma
1 Solution

cmerriman
Super Champion

This isn't going to necessarily highlight the entire row, but you can highlight the cell that you care about based on the value.
In the dashboard, click on the pencil at the top right of the column, enable color based on values and enter the values/color that you're interested in highlighting.

Another way to go about highlighting those rows is by using JS and CSS. You can use this answer for reference: https://answers.splunk.com/answers/588394/change-the-color-of-rows-in-a-table-based-on-text-1.html

0 Karma
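
The JS and CSS route mentioned in the answer above, shown as an added example that is not part of the original thread or of the linked answer: a Simple XML dashboard extension that marks every row whose `customfield` contains a watch string. The table id `events_table`, the class names `cell-critical` and `row-critical`, and the case-insensitive match are assumptions; the colour itself comes from a CSS rule for `tr.row-critical td` in the dashboard's stylesheet.

```javascript
// Added example, not code from the thread. The table id and class names are
// assumed; the field and watch string are taken from the question.
var TABLE_ID = 'events_table';
var WATCH_FIELD = 'customfield';
var WATCH_TERMS = ['Persons'];

// Returns the watch term found in the cell value, or null.
// Matching is case-insensitive (an assumption of this example).
function matchedTerm(field, value) {
    if (field !== WATCH_FIELD || value === null || value === undefined) return null;
    var text = String(value).toLowerCase();
    for (var i = 0; i < WATCH_TERMS.length; i++) {
        if (text.indexOf(WATCH_TERMS[i].toLowerCase()) !== -1) return WATCH_TERMS[i];
    }
    return null;
}

// Splunk wiring; skipped outside a browser so matchedTerm can be tested alone.
if (typeof window !== 'undefined' && typeof require === 'function') {
    require([
        'splunkjs/mvc',
        'splunkjs/mvc/tableview',
        'splunkjs/mvc/simplexml/ready!'
    ], function (mvc, TableView) {
        var WatchRenderer = TableView.BaseCellRenderer.extend({
            canRender: function (cell) { return cell.field === WATCH_FIELD; },
            render: function ($td, cell) {
                if (matchedTerm(cell.field, cell.value)) $td.addClass('cell-critical');
                // Event values originate in ingested logs: write them with
                // .text(), never .html(), so they are not parsed as markup.
                $td.text(cell.value == null ? '' : String(cell.value));
            }
        });
        mvc.Components.get(TABLE_ID).getVisualization(function (tableView) {
            tableView.on('rendered', function () {
                // Promote the marker from the matching cell to its whole row.
                tableView.$el.find('td.cell-critical').closest('tr').addClass('row-critical');
            });
            tableView.addCellRenderer(new WatchRenderer());
        });
    });
}
```

The file is placed in the app's `appserver/static` directory and loaded through the `script` attribute of the dashboard's root element, with the table given `id="events_table"`.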

sendijsd
Engager

Thanks, this is something along the lines of what I was expecting. I will try and investigate the customisation options further by using JS and CSS as you mentioned.

0 Karma