Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to hide search string in the link for my dashboards?

C_Sparn
Communicator
‎08-04-2014 06:10 AM

Hello,
when I open my dashboards the search string is embedded in the link. How can I hide the string, that nobody can change the search?

Greetings

Tags (3)
0 Karma
Reply

guilmxm
Influencer
‎08-06-2014 05:00 AM

In simple xml, you could do this:

You can hide the tool bar using css to prevent users from accessing to the search.

.dashboard-row2 .paxnel-footer {
display: none;
}

Then deactivate any drilldown in your view

0 Karma
Reply

guilmxm
Influencer
‎08-14-2014 02:01 AM

Sorry, out of idea 🙂

0 Karma
Reply

C_Sparn
Communicator
‎08-13-2014 11:37 PM

No sorry but does not help in my case.

0 Karma
Reply

guilmxm
Influencer
‎08-12-2014 01:00 AM

Maybe should you encrypt events instead of trying to protect the search string ?
It seems you could use a search string with masked (under custom patterns) arguments
Look at:
http://blogs.splunk.com/2010/01/25/encrypting-and-decrypting-fields/

Note sure it's relevant for your case but maybe a way for you

0 Karma
Reply

C_Sparn
Communicator
‎08-12-2014 12:09 AM

The problem is that the arguments are the security vulnerability. So if the arguments can be changed also the search macro is senseless. But thank you for the suggestion.

0 Karma
Reply

guilmxm
Influencer
‎08-11-2014 09:46 AM

Hi, You could use a macro which contains your search string, and the use it in your view.

You'll have to deal with arguments, but it will do the trick.

For example, the search:

index=_internal | stats count by host

Would be masked under the macro "foo", and you would call it with:

foo

0 Karma
Reply

C_Sparn
Communicator
‎08-11-2014 04:05 AM

That was a good idea guilmxm but I need a server side manipulation or encryption of the link. Are there any suggestions?

0 Karma
Reply

guilmxm
Influencer
‎08-06-2014 05:50 AM

No, in simple xml.

Create a css file you put in $SPLUNK_HOME/etc/apps//appserver/static

Put your css code, and restart at least Splunk Web (./splunk restart splunkweb)

Then in your view, edit the xml code (using the integrated editor) and add the stylesheet after the form or dashboard pattern:

Refresh the page, sometimes it's may be a good idea to clean your browser cache.

0 Karma
Reply

C_Sparn
Communicator
‎08-06-2014 05:42 AM

Sorry I do not know where I can set this css code in simple xml! Do you mean advanced xml?

0 Karma
Reply

C_Sparn
Communicator
‎08-06-2014 04:07 AM

Hello is it possible to encrypt the link?

0 Karma
Reply

C_Sparn
Communicator
‎08-04-2014 11:24 PM



index = ticket sourcetype =log $new_time$ TicketStatus = "closed"|join Ticket[|inputlookup average.csv|rename tickets as Ticket]|stats count(Tickets) as count

I found the reason why the search string is embedded in the link. It is embedded if an input like $new_time$ is part of the search string. Sorry but I had to delete the rest of the dashboard xml. But I need the inputs without having the search string in the link.
Greetings

0 Karma
Reply

somesoni2
Revered Legend
‎08-04-2014 06:39 AM

Can you provide your dashboard xml?

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...