All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

OSSEC app needs a fix - too much global exporting

Michael_Wilde
Splunk Employee
Splunk Employee
‎05-18-2011 01:44 PM

Thanks for making this app. Views and nav bar collide in other apps.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

southeringtonp
Motivator
‎05-18-2011 03:45 PM

Clobbering of the Nav menu is clearly a significant bug and will be fixed.

As you noted, the short-term fix is to go in and re-scope it manually. People who have customized their default nav menu in search or elsewhere typically won't be affected, which is probably why it wasn't noticed sooner.

Much of the global exporting is quite intentional. We have users who want access to OSSEC information through the search app. That includes saved searches, views, lookups, and search commands (i.e., most of the app).

Regardless, the scoping is something that has been on the radar to tighten down, or possibly provided as an install-time option. It's a significant enough change that it won't be done before th a 1.2 release of the app, which will hopefully come reasonably soon.

Setting the Nav menu aside, as you noted, there are a few cases where this sort of thing crops up elsewhere, particularly for saved searches and views. Any app that needs to share elements outside itself has this problem, and is going to pollute other app menus. For now, the safest approach is for any app other than search to be very specific when defining its own nav.xml.

I've been meaning to file an ER to ask for a way to scope across multiple apps without resorting to global. Perhaps you and any others who've been bitten by this could make a similar request?

View solution in original post

Reply
Solved! Jump to solution
Solution

southeringtonp
Motivator
‎05-18-2011 03:45 PM

Clobbering of the Nav menu is clearly a significant bug and will be fixed.

As you noted, the short-term fix is to go in and re-scope it manually. People who have customized their default nav menu in search or elsewhere typically won't be affected, which is probably why it wasn't noticed sooner.

Much of the global exporting is quite intentional. We have users who want access to OSSEC information through the search app. That includes saved searches, views, lookups, and search commands (i.e., most of the app).

Regardless, the scoping is something that has been on the radar to tighten down, or possibly provided as an install-time option. It's a significant enough change that it won't be done before th a 1.2 release of the app, which will hopefully come reasonably soon.

Setting the Nav menu aside, as you noted, there are a few cases where this sort of thing crops up elsewhere, particularly for saved searches and views. Any app that needs to share elements outside itself has this problem, and is going to pollute other app menus. For now, the safest approach is for any app other than search to be very specific when defining its own nav.xml.

I've been meaning to file an ER to ask for a way to scope across multiple apps without resorting to global. Perhaps you and any others who've been bitten by this could make a similar request?

Reply
Solved! Jump to solution

southeringtonp
Motivator
‎05-18-2011 06:53 PM

This is really great to hear. Presumably we're looking at at least the next major release before the architectural changes make it through the door (??), but it could be a huge help. Ironically, thinking back, part of the reason the nav.xml issue didn't show up on our systems is because we'd customized the menu in search to clean up entries bleeding through from other apps and push them into submenus.

0 Karma
Reply
Solved! Jump to solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎05-18-2011 06:11 PM

Agree. Some of Splunk's own apps such as Cisco Security (which is comprised of a bunch of "mini-apps" that have nav's, views, & searches need to be exported globally--which pollutes other apps. Apps are undergoing a number of architectural feature scoping--to include permissions and dependencies (as i personally NEED dependencies to work for some stuff I am doing). Thank you for supporting Splunk and being a part of our community.

0 Karma
Reply
Solved! Jump to solution

gfriedmann
Communicator
‎05-18-2011 02:16 PM

Dude. Awesome format. Rock!

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...