topic Dashboards - Event Highlighting/Acknowledging in Dashboards & Visualizations

Dashboards - Event Highlighting/Acknowledging

sendijsd — Tue, 01 Oct 2019 13:19:44 GMT

Greetings,

I am currently trying to implement a certain solution by sending logs from an analytics system over to Splunk for visualisation purposes. I have, however, currently hit a roadblock of sorts when trying to properly format and display critical events for usability purposes.
What I would like to know is whether there is a way to highlight newly received or specific events in a dashboard? This is critical from the user perspective because if the solution is horizontally scaled, there are going to be a lot of events populating the dashboards and missing a potential incident is not an option.
I have already created a dashboard and visually formatted it, with the current search string for the dashboard being: sourcetype=test host=xxxx string | fields _time, host, customfield | fields - _raw

The current structure of the dashboard is the following: Statistics table, Wrap results: false.

The ideal end result would be either highlighting certain events based on a specific string (for example "Persons" in the provided picture) or some sort of a solution where the user could "acknowledge" the events, marking them as "Seen" or any other similar solution.
I have read through a lot of the documentation already, but I haven't been able to find any solid information on the implementation of my desired result yet. Since I still consider myself to be rather new to Splunk, I was hoping that some of the more advanced users here would have a suggestion on how to proceed.

Thanks in advance!

Re: Dashboards - Event Highlighting/Acknowledging

cmerriman — Tue, 01 Oct 2019 16:23:51 GMT

This isn't going to necessarily highlight the entire row, but you can highlight the cell that you care about based on the value.
In the dashboard, click on the pencil the top right of the column, enable color based on values and enter the values/color that you're interested in highlighting.

Another way to go about highlighting those rows is by using JS and CSS. You can use this answer for reference: https://answers.splunk.com/answers/588394/change-the-color-of-rows-in-a-table-based-on-text-1.html

Re: Dashboards - Event Highlighting/Acknowledging

sendijsd — Thu, 03 Oct 2019 06:27:54 GMT

Thanks, this is something along the lines of what I was expecting. I will try and investigate the customisation options further by using JS and CSS as you mentioned.