Dashboards - Event Highlighting/Acknowledging

sendijsd
Engager

Greetings,

I am currently trying to implement a certain solution by sending logs from an analytics system over to Splunk for visualisation purposes. I have, however, currently hit a roadblock of sorts when trying to properly format and display critical events for usability purposes.
What I would like to know is whether there is a way to highlight newly received or specific events in a dashboard? This is critical from the user perspective because if the solution is horizontally scaled, there are going to be a lot of events populating the dashboards and missing a potential incident is not an option.
I have already created a dashboard and visually formatted it, with the current search string for the dashboard being: sourcetype=test host=xxxx string | fields _time, host, customfield | fields - _raw

The current structure of the dashboard is the following: Statistics table, Wrap results: false.

The ideal end result would be either highlighting certain events based on a specific string (for example "Persons" in the provided picture) or some sort of a solution where the user could "acknowledge" the events, marking them as "Seen" or any other similar solution.
I have read through a lot of the documentation already, but I haven't been able to find any solid information on the implementation of my desired result yet. Since I still consider myself to be rather new to Splunk, I was hoping that some of the more advanced users here would have a suggestion on how to proceed.

Thanks in advance!

0 Karma
1 Solution

cmerriman
Super Champion

This isn't going to necessarily highlight the entire row, but you can highlight the cell that you care about based on the value.
In the dashboard, click on the pencil at the top right of the column, enable color based on values and enter the values/color that you're interested in highlighting.

Another way to go about highlighting those rows is by using JS and CSS. You can use this answer for reference: https://answers.splunk.com/answers/588394/change-the-color-of-rows-in-a-table-based-on-text-1.html

0 Karma
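
The per-cell colouring described in the answer above can also be written directly in the dashboard's Simple XML source. This is an added example, not part of the original posts: it reuses the search string and the customfield column from the question, while the label, the time range, the second value "Vehicles" and both colour codes are assumptions chosen for illustration.

```xml
<dashboard>
  <!-- Label is a placeholder (assumption) -->
  <label>Critical events</label>
  <row>
    <panel>
      <table>
        <search>
          <!-- Search string taken from the question -->
          <query>sourcetype=test host=xxxx string | fields _time, host, customfield | fields - _raw</query>
          <!-- Time range is an assumption -->
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <!-- Matches the "Wrap results: false" setting from the question -->
        <option name="wrap">false</option>
        <!-- Colour cells in the customfield column by value.
             "Persons" is the value named in the question;
             "Vehicles" is a hypothetical second value. -->
        <format type="color" field="customfield">
          <colorPalette type="map">{"Persons":#DC4E41,"Vehicles":#F8BE34}</colorPalette>
        </format>
      </table>
    </panel>
  </row>
</dashboard>
```

The map palette compares against the whole cell value, so a cell that only contains "Persons" as part of a longer string is not coloured by this rule.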

sendijsd
Engager

Thanks, this is something along the lines of what I was expecting. I will try and investigate the customisation options further by using JS and CSS as you mentioned.

0 Karma