I have an app I'm building that contains an event panel. I know splunk comes with event type colors which I can enable through the UI and it does work just fine. However, I would like to add additional colors. And I am having difficulties trying to figure out how to get it to work. I have found several different splunk communication questions around this and I think I'm close to getting it to work.
To my understanding I have to update 3 files (eventypes.conf, event_renderer.conf, and application.css)
Here is an example of what I have tried:
search = index=* sourcetype=*forensic* desc="*bin/rm*" OR short="*bin/rm*" tag=“deleted_data”