Splunk Search
If I have a search that produces a top 10 list over the last 24 hours, how do I highlight new entries in the list?

Path Finder

Hello all,

I have a search that just produced the Top 10 clients regarding outgoing network traffic over the last 24 hours. What I'd like to do is to highlight the newest entries (e.g., write it in red) in this list or the ones that joined the list in the last 10 minutes.

I thought about creating two searches - both are the same, but one uses data from 10 minutes ago. These searches are no problem, but I don't know how to merge the results and highlight the differences.

Can anybody help me with this?

Thx a lot!

Re: If I have a search that produces a top 10 list over the last 24 hours, how do I highlight new entries in the list?

SplunkTrust

You can download the Splunk 6.x Dashboard Examples app and look at the Table examples, specifically the "Table Row Highlighting" dashboard; there you can color a row based on a custom condition on the value of a field.

Now in your search, you can add a column with some high value for the rows which were added in the last 10 mins and highlight them using the example above.

https://splunkbase.splunk.com/app/1603/
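One way to build the flag column the answer describes, as an added example (not from the original thread or the app): the main search takes the current top 10, a subsearch appended with `append` takes the top 10 as of 10 minutes ago, and a `stats` by client merges the two so that `is_new=1` marks clients present now but absent from the earlier list. The index, sourcetype and the `src_ip` / `bytes_out` field names are assumptions; substitute your own.

```spl
index=network sourcetype=firewall earliest=-24h latest=now
| stats sum(bytes_out) AS bytes_out BY src_ip
| sort 10 -bytes_out
| eval list="current"
| append
    [ search index=network sourcetype=firewall earliest=-24h-10m latest=-10m
      | stats sum(bytes_out) AS bytes_out BY src_ip
      | sort 10 -bytes_out
      | eval list="previous" ]
| eval bytes_current=if(list="current", bytes_out, null())
| stats values(list) AS lists max(bytes_current) AS bytes_out BY src_ip
| where mvfind(lists, "^current$") >= 0
| eval is_new=if(isnull(mvfind(lists, "^previous$")), 1, 0)
| sort -bytes_out
| table src_ip bytes_out is_new
```

The `where` keeps only rows from the current list, so a client that dropped out in the last 10 minutes is not shown; the Table Row Highlighting dashboard's row-coloring condition can then test `is_new` to paint those rows red.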
