You can add
?showsource=true) to the end of any address in your browser and see the underlying Splunk modules and XML source. Nice.
But if I am developing an app that I want to sell, I might not want to give away the "source code."
Can I disable showsource?
This is not possible. When you're giving your app to someone, he can just unpack it and take a look at the view files directly. There's no way to protect or encrypt this yet.
Excellent point. Why protect it dynamically if any person who downloads it can just look at the static files...
I'm not aware of a way, but perhaps one exists.
Even if you were able to disable that particular method, however, there are plenty of other ways to see the source XML.
Once an app is installed, users with admin privileges will be able to view and edit the source in the Manager. Also, the raw XML files will be visible in the app's
default/data/ui/views directory, and the SplunkBase archive format is just
.tar.gz format renamed to
.spl, making it trivial to extract the information there.
Splunk admins may also need to be able to modify the view definition to adjust for differences in their data, especially if there are search strings embedded in the XML.
Trying to restrict access to an app's XML from end users is one thing; trying to hide it from the Splunk admin is quite another.
In addition to the other answers, I wouldn't worry too much about this today. The view XML is currently so limited that I find it hard to imagine it's even possible to create something worth hiding. It may be maddeningly difficult to read or write, but it's about as complex and interesting as the navigation menu structure. (And I mean "complex" in the sense of "able to express complex forms" not simply "complicated". It is indeed the latter.)