Is it possible to change the assigned color of a s...

claudio_manig · ‎03-19-2015

Is it not possible to change an assigned color of a specific eventtype within the Splunk Web settings? Moreover, if you create an Eventtype by Settings/Eventtypes "New", there is no option to set a color. Am I wrong? Do I have to change the color directly in the file?

conor_splunk · ‎02-24-2016

In your app (I'll use the default search app as the example though) you edit the event_renderers.conf file. For the default search app this would be under Splunk/etc/users/%user% (for example admin)/search/local. In this file you will find an example like below.

[eventtype_name_stanza]
css_class = et_red
eventtype = eventtype_name
priority = 6

The colour is being set by "css_class = et_red" from the file application.css which for the default search app would be under Splunk/etc/apps/search/appserver/static. You can even play with this real time in Firefox or Chrome by editing the html on the search results page.

By default it will be like so (standard white no eventtype colours).

<td class="expands " tabindex="0"><a><i class="icon-triangle-right-small"></i></a></td>

If you edit the html to be purple you will see it change.

<td class="expands et_purple" tabindex="0"><a><i class="icon-triangle-right-small"></i></a></td>

ngatchasandra · ‎03-19-2015

Hi,
Only take eventtype's search string and rerun. Save as eventtype with a same name and give him a new color.

claudio_manig · ‎03-20-2015

That won't work as it allready exists and you can not save an object with the same name with different configs--

harshal_chakran · ‎03-19-2015

Hi,
You can refer to this link :
Define Eventtypes

claudio_manig · ‎03-20-2015

There is nothing refering to my question in the docs...

Is it possible to change the assigned color of a specific eventtype in Splunk Web?

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform