Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to make rows in red color of a search output If some condition met

kml_uvce
Builder
‎11-13-2011 08:25 AM

I want to make rows in red color of a search output If some condition met like my search is
index="siebel_mon" SourceName=Siebel Message="Siebel 7 -" |fields _time,siebel_message,EventCode

, So in search output the row should be in red color If EventCode=113.
Please help me on this.
-Kamal

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Takajian
Builder
‎11-13-2011 03:23 PM

If you want to color your search result, you can use rangemap or eventtype with css. You can refer to following answer.

http://splunk-base.splunk.com/answers/8775/configure-colour-coded-results-by-default

Hope this help.

View solution in original post

Reply
Solved! Jump to solution

nfilippi_splunk
Splunk Employee
Splunk Employee
‎10-30-2014 08:51 AM

Check out the following app:

Splunk 6.x Dashboard Examples (https://apps.splunk.com/app/1603/)

This app includes an example, "Table Row Highlighting", that may be copied/used for your purposes.

Some things you'll need to do:

  • Add custom javascript to your app's appserver/static directory
  • Add custom css to your app's appserver/static directory
  • You will need to restart splunkd or splunkweb
  • Load these custom js/css files with your dashboard
  • Add id to your table element
  • Modify js to link to the table, cells, and to include the correct logic

Example source:

<dashboard script="table_row_highlighting.js" stylesheet="table_decorations.css">
    <label>Table Row Highlighting</label>

    <row>
        <table id="highlight">
            <title>Row Coloring</title>
            <searchString>index=_internal sourcetype=splunkd component=Metrics group=search_concurrency | eval user=coalesce(user, "system total") | bucket _time span=1h | stats avg(active_hist_searches) as active_hist_searches avg(active_realtime_searches) as active_realtime_searches by _time,user</searchString>
            <earliestTime>-24h</earliestTime>
            <option name="drilldown">none</option>
        </table>
    </row>

</dashboard>
0 Karma
Reply
Solved! Jump to solution
Solution

Takajian
Builder
‎11-13-2011 03:23 PM

If you want to color your search result, you can use rangemap or eventtype with css. You can refer to following answer.

http://splunk-base.splunk.com/answers/8775/configure-colour-coded-results-by-default

Hope this help.

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...