I have an app I'm building that contains an event panel. I know splunk comes with event type colors which I can enable through the UI and it does work just fine. However, I would like to add additional colors. And I am having difficulties trying to figure out how to get it to work. I have found several different splunk communication questions around this and I think I'm close to getting it to work. To my understanding I have to update 3 files (eventypes.conf, event_renderer.conf, and application.css) Here is an example of what I have tried: Eventtypes.conf [bin_rm] search = index=* sourcetype=*forensic* desc="*bin/rm*" OR short="*bin/rm*" tag=“deleted_data” Event_Renderers.conf [EventRenderer_bin_rm] eventtype = bin_rm css_class = EventRendererdeleted_data Application.css .splEvent-EventRendererdeleted_data .event{ background-color: #000000; color: #ffffff} For some reason this is not working, and I don't understand what I'm missing. I would like the > symbol under the i column to appear white with a black background when the eventtype matches. Also where is the application.css file supposed to be? I currently have it under appserver/static/application.css ... View more