Solved: If I have a search that produces a top 10 list ove...

pinVie · ‎08-26-2015

Hello all,

I have a search that just produced the Top 10 clients regarding outgoing network traffic over the last 24 hours. What I'd like to do is to highlight the newest entries (e.g., write it in red) in this list or the ones that joined the list in the last 10 minutes.

I thought about creating two searches - both are the same, but the one uses data from 10 minutes ago. These searches are no problem, but I don't know how to merge the results and highlight the differences.

Can anybody help me with this ?

Thx a lot !

somesoni2 · ‎08-26-2015

You can download the Splunk 6.x Dashboard example app and see the Table example, specifically "Table Row Highlighting" dashboard, there you can color a row based on custom condition of the value of field.

Now in your search, you can add a column with some high value for the rows which were added in last 10 mins and highlight them using the example above.

https://splunkbase.splunk.com/app/1603/

View solution in original post

somesoni2 · ‎08-26-2015

You can download the Splunk 6.x Dashboard example app and see the Table example, specifically "Table Row Highlighting" dashboard, there you can color a row based on custom condition of the value of field.

Now in your search, you can add a column with some high value for the rows which were added in last 10 mins and highlight them using the example above.

https://splunkbase.splunk.com/app/1603/

If I have a search that produces a top 10 list over the last 24 hours, how do I highlight new entries in the list??

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...