Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Color appended search results?

dondky
Path Finder
‎02-10-2014 08:40 AM

All,

Is it possible to assign your appended search a separate color so it's easier to spot appended events in the timeline view?

eventtype=opsec_drop 127.0.0.1 tcp_flags="PUSH-ACK" | append [search sourcetype=access_combined source="/var/log/httpd/example_*"]

The thought is that it would allow us to quickly narrow down exactly where two events occurred.

Thanks

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-10-2014 09:41 AM

Define eventtypes for each, do one search (no subsearch append stuff) like this:

eventtype=type_one OR eventtype=type_two

and configure your two eventtypes with different colours.

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-11-2014 11:52 AM

The colours appear in the displayed raw events.

0 Karma
Reply

dondky
Path Finder
‎02-10-2014 03:11 PM

Thanks, to be clear this is to customize the timeline display during a search correct?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...