Dashboards & Visualizations

Heatmap-style overlay at row level

southeringtonp
Motivator

Is there a way to highlight an entire row in a SimpleResultsTable based on the value of a single cell in that row?

Or to highlight one field in the row based on the value of another field?

I'm looking for something like the typical cell-based heatmap, but applied to the entire event, e.g., to highlight high-severity events.

rsennett_splunk
Splunk Employee
Splunk Employee

Still no "one click " way to accomplish this but I believe you can accomplish what you're looking for using css and javascript.

Start by looking at the answer here and follow the trail. You'll find examples of using css and javascript as well as a reference to an app that provides examples of how you might implement it (the app is for rowcolors).

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!

araitz
Splunk Employee
Splunk Employee

RicoSuave
Builder

I had the same problem, so instead of relying on a SimpleResultsTable, i used the SingleValue module + the stats count command with a rangemap applied to it.

0 Karma

southeringtonp
Motivator

What I had in mind was more for comparison against an absolute, pre-defined threshold, but even using the existing heatmap functionality would be a plus.

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

e.g., if I have columns in a single table that are of widely vary magnitude across columns (but not within a column), the heatmap is much less useful.

gkanapathy
Splunk Employee
Splunk Employee

Yeah, I would like to see an option to have heatmap colors relative to the values present in a single column, rather than over all numeric values in a table.

Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...