- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to assign colors to events by eventtype?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
At splunk .conf2013 in one of the very last sessions a senior support guy showed how you can assign coloring to highlight events in eventview depending on their eventtype. I can not find the video of the session or any information of how he did it. There is more then one way of coloring custom views and all but i really really remember it being in the normal event view and i recall seeing that in splunk 6 it would now color the block in front of the event display plus some gui to configure it when creating a eventtype...
Anyone else recalls how this is done?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Silly me, it is available on the save as eventtype dialog. It is exposed in splunk 6 directly in this dialoge.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Silly me, it is available on the save as eventtype dialog. It is exposed in splunk 6 directly in this dialoge.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Although it isn't in the eventtype settings page- which is bizarre. How do you add colours to eventtypes defined manually?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have been trying to use this, but regardless of what color I assign, they are never returned in that color. All events are black regardless of even type color assignment.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The coloring uses a referal in stylesheet in $SPLUNK/etc/system/local/event_renderers.conf those are css elements in $SPLUNK/etc/apps/search/appserver/static/application.css and just use the predefined ones:
classes used by eventtype renderer
.splEvent-et_blue .t { color:#00F; }
.splEvent-et_green .t { color:#0C0; }
.splEvent-et_magenta .t { color:#F09; }
.splEvent-et_orange .t { color:#F30; }
.splEvent-et_purple .t { color:#90C; }
.splEvent-et_red .t { color:#F00; }
.splEvent-et_sky .t { color:#09F; }
.splEvent-et_teal .t { color:#099; }
.splEvent-et_yellow .t { color:#990; }
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
