Greetings,
I am currently trying to implement a certain solution by sending logs from an analytics system over to Splunk for visualisation purposes. I have, however, currently hit a roadblock of sorts when trying to properly format and display critical events for usability purposes.
What I would like to know is whether there is a way to highlight newly received or specific events in a dashboard? This is critical from the user perspective because if the solution is horizontally scaled, there are going to be a lot of events populating the dashboards and missing a potential incident is not an option.
I have already created a dashboard and visually formatted it, with the current search string for the dashboard being: `sourcetype=test host=xxxx *string* | fields _time, host, customfield | fields - _raw`
![alt text][1]
The current structure of the dashboard is the following: Statistics table, Wrap results: false.
![alt text][2]
The ideal end result would be either highlighting certain events based on a specific string (for example "Persons" in the provided picture) or some sort of a solution where the user could "acknowledge" the events, marking them as "Seen" or any other similar solution.
I have read through a lot of the documentation already, but I haven't been able to find any solid information on the implementation of my desired result yet. Since I still consider myself to be rather new to Splunk, I was hoping that some of the more advanced users here would have a suggestion on how to proceed.
Thanks in advance!
[1]: /storage/temp/275751-example1.jpg
[2]: /storage/temp/275752-neededresult.jpg
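One way to get the first variant (highlighting rows that contain a given string, plus rows that arrived recently), as an added example that is not part of the original post: extend the search with an `eval` that derives a `status` field, then map that field to colours with a Simple XML `<format type="color">` block on the table. The search prefix, `host=xxxx`, `customfield` and the string `Persons` are taken from the question; the 300-second "new" window, the colour values and the dashboard label are assumptions chosen for illustration. Note that `match()` is a case-sensitive regex match, so adjust the pattern if the string can vary in case.

```xml
<dashboard>
  <label>Analytics events (example)</label>
  <row>
    <panel>
      <table>
        <search>
          <!-- Original search, with an eval that classifies each event.
               "critical" = customfield contains the watched string,
               "new"      = event is less than 300 s old (assumed window),
               "normal"   = everything else. -->
          <query>sourcetype=test host=xxxx *string*
| eval age_sec = now() - _time
| eval status = case(match(customfield, "Persons"), "critical",
                     age_sec &lt; 300, "new",
                     true(), "normal")
| table _time host customfield status</query>
          <earliest>-24h</earliest>
          <latest>now</latest>
          <!-- Re-run the search so newly received events show up without a manual reload -->
          <refresh>60s</refresh>
        </search>
        <option name="wrap">false</option>
        <!-- Colour the status cell per value; hex colours are assumed/constructed -->
        <format type="color" field="status">
          <colorPalette type="map">{"critical":#DC4E41,"new":#F8BE34,"normal":#53A051}</colorPalette>
        </format>
      </table>
    </panel>
  </row>
</dashboard>
```

Because the colour map keys on the derived `status` value rather than on the raw text, the same pattern scales to several watched strings: add further `match()` branches to the `case()` and corresponding entries to the colour map. For the "acknowledge / mark as seen" variant you would additionally need to persist state (for example a lookup written with `outputlookup` and joined back into the search), which this example does not cover.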