I have a search that just produced the Top 10 clients regarding outgoing network traffic over the last 24 hours. What I'd like to do is to highlight the newest entries (e.g., write it in red) in this list or the ones that joined the list in the last 10 minutes.
I thought about creating two searches - both are the same, but one uses data from 10 minutes ago. These searches are no problem, but I don't know how to merge the results and highlight the differences.
You can download the Splunk 6.x Dashboard example app and see the Table example, specifically the "Table Row Highlighting" dashboard. There you can color a row based on a custom condition on the value of a field.
Now in your search, you can add a column with some high value for the rows which were added in the last 10 minutes and highlight them using the example above.
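
One way to build the flag column described in the answer above, as an added example that is not part of the original thread: a single search covers both 24-hour windows, ranks each client as of now and as of 10 minutes ago, and marks the clients that entered the Top 10 in between. The index `netflow` and the fields `src_ip` and `bytes_out` are assumed names; substitute the ones your data uses.

```spl
index=netflow earliest=-1450m latest=now
| eval window_start=relative_time(now(), "-24h"), prev_end=relative_time(now(), "-10m")
| eval b_now=if(_time >= window_start, bytes_out, 0), b_prev=if(_time < prev_end, bytes_out, 0)
| stats sum(b_now) AS bytes_now sum(b_prev) AS bytes_prev BY src_ip
| sort 0 -bytes_prev
| streamstats count AS rank_prev
| sort 0 -bytes_now
| streamstats count AS rank_now
| where rank_now <= 10
| eval is_new=if(rank_prev > 10 OR bytes_prev = 0, 1, 0)
| table src_ip bytes_now rank_now rank_prev is_new
```

`is_new` is the field a row-highlighting condition can test. The `bytes_prev = 0` clause covers a client with no traffic at all in the earlier window, which could otherwise receive a low `rank_prev` when fewer than 10 clients were active.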