Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to make rows in red color of a search output If some condition met

kml_uvce
Builder
‎11-13-2011 08:25 AM

I want to make rows in red color of a search output If some condition met like my search is
index="siebel_mon" SourceName=Siebel Message="Siebel 7 -" |fields _time,siebel_message,EventCode

, So in search output the row should be in red color If EventCode=113.
Please help me on this.
-Kamal

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Takajian
Builder
‎11-13-2011 03:23 PM

If you want to color your search result, you can use rangemap or eventtype with css. You can refer to following answer.

http://splunk-base.splunk.com/answers/8775/configure-colour-coded-results-by-default

Hope this help.

View solution in original post

Reply
Solved! Jump to solution

nfilippi_splunk
Splunk Employee
Splunk Employee
‎10-30-2014 08:51 AM

Check out the following app:

Splunk 6.x Dashboard Examples (https://apps.splunk.com/app/1603/)

This app includes an example, "Table Row Highlighting", that may be copied/used for your purposes.

Some things you'll need to do:

  • Add custom javascript to your app's appserver/static directory
  • Add custom css to your app's appserver/static directory
  • You will need to restart splunkd or splunkweb
  • Load these custom js/css files with your dashboard
  • Add id to your table element
  • Modify js to link to the table, cells, and to include the correct logic

Example source:

<dashboard script="table_row_highlighting.js" stylesheet="table_decorations.css">
    <label>Table Row Highlighting</label>

    <row>
        <table id="highlight">
            <title>Row Coloring</title>
            <searchString>index=_internal sourcetype=splunkd component=Metrics group=search_concurrency | eval user=coalesce(user, "system total") | bucket _time span=1h | stats avg(active_hist_searches) as active_hist_searches avg(active_realtime_searches) as active_realtime_searches by _time,user</searchString>
            <earliestTime>-24h</earliestTime>
            <option name="drilldown">none</option>
        </table>
    </row>

</dashboard>
0 Karma
Reply
Solved! Jump to solution
Solution

Takajian
Builder
‎11-13-2011 03:23 PM

If you want to color your search result, you can use rangemap or eventtype with css. You can refer to following answer.

http://splunk-base.splunk.com/answers/8775/configure-colour-coded-results-by-default

Hope this help.

Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top