Dashboards & Visualizations

How do you colorize event types, so the i column in the search results is colored?

Explorer

I have an app I'm building that contains an event panel. I know splunk comes with event type colors which I can enable through the UI and it does work just fine. However, I would like to add additional colors. And I am having difficulties trying to figure out how to get it to work. I have found several different splunk communication questions around this and I think I'm close to getting it to work.

To my understanding I have to update 3 files (eventypes.conf, event_renderer.conf, and application.css)

Here is an example of what I have tried:

Eventtypes.conf

[bin_rm]
search = index=* sourcetype=*forensic* desc="*bin/rm*" OR short="*bin/rm*" tag=“deleted_data”

Event_Renderers.conf

[EventRenderer_bin_rm]
eventtype = bin_rm 
css_class = EventRendererdeleted_data

Application.css

.splEvent-EventRendererdeleted_data .event{ background-color: #000000; color: #ffffff}

For some reason this is not working, and I don't understand what I'm missing. I would like the > symbol under the i column to appear white with a black background when the eventtype matches.

Also where is the application.css file supposed to be? I currently have it under appserver/static/application.css

Tags (2)
0 Karma