I don't see it in Nick's UI example app, but it looks like a powerful utility and I can't get it to work. What would be an example of the configuration needed to do something simple such as change the font size of an event in a table if it matched an event type? This is sort of a continuation of http://answers.splunk.com/questions/7378/modifying-css-to-colorize-table-rows-in-dashboard-panel-with-event-renderer-conf in general, but more pointed at successful use of event-renders.conf. ... View more

What Custom CSS config would I need in order to colorize the rows of a real-time dashboard table based on one of the values in that table? As to IT Bullgod's answer, here is my modified app configuration. eventtypes.conf in apps/app_name/default [FreeSpace_Green] search = name=mon-storage capacity>0 AND capacity<60 [FreeSpace_Yellow] search = name=mon-storage capacity>59 AND capacity<85 [FreeSpace_Red] search = name=mon-storage capacity>84 event_renderers.conf in apps/app_name/default [FreeSpaceGreen] eventtype = "FreeSpace_Green" css_class = FreeSpaceGreen [FreeSpaceYellow] eventtype = "FreeSpace_Yellow" css_class = FreeSpaceYellow [FreeSpaceRed] eventtype = "FreeSpace_Red" css_class = FreeSpaceRed application.css in apps/app_name/appserver/static .EventsViewer .splEvent-FreeSpaceGreen .event { color: green; } .EventsViewer .splEvent-FreeSpaceYellow .event { color: yellow; } .EventsViewer .splEvent-FreeSpaceRed .event { color: red; } dashboard_panel.xml in apps/app_name/default/data/ui/views <module name="HiddenSearch" layoutPanel="panel_row3_col1" group="TEST" autoRun="True"> <param name="search">eventtype="FreeSpace_Green"</param> <param name="latest">now</param> <param name="earliest">-15m</param> <module name="EnablePreview"> <param name="enable">true</param> <param name="display">false</param> <module name="SimpleResultsTable"> </module> When I view the dashboard, I see the table with the events, but they are not colorized. What am I doing wrong? ... View more

I have been digging into the advanced xml stuff lately, and have come across a hurdle with simply figuring out the correct modules I should be using for the panel I want to create. The panel would have a time picker, and a list selector that would have two keys. Each keys value would be a whole search string. After the time and search was picked it would create a line chart. I got the timerangepicker <module name="TimeRangePicker" layoutPanel="panel_row2_col1" group="Line Graph for Storage"> <param name="searchWhenChanged">true</param> <param name="default">last_24_hours</param> <param name="label">Time Range</param> </module> My question then is how I go from here by implementing the selector module with the two keys mapping to the two searches, and then the best module to generate a line graph. ... View more

I have splunk set up on a few redhat boxes, and I am getting duplicate events from them. One event will list the hostname as the FQDN which is fine, because thats how it is specified in server.conf. The duplicate event is being indexed as host equal to simply the hostname. What could be causing this? ... View more

If so, what are the details of your implementation? I am interested in monitoring Cache processes with Splunk. ... View more