- Community
- :
- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to remove search button below the panel and se...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
How to remove search button below the panel and search capabilities as well
I have couple of related things to be addressed.
- I want to remove the search button from the panels so that users from specific roles can only see the dashboards.
While the 'user' cannot see the search button, I want admins to see that option.
So putting <option name="link.openSearch.visible">false</option> in the XML is ruled out.
Is there any other way?
- I do not want users to have the search capabilities as well. If I am doing that, the searches in dashboards are also not working. Can I make them see the dashboards but take away the capabilities of running the ad-hoc searches?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
@varad_joshi you can refer to one of my older answers to use logged in user role in Splunk Dashboard and enable/disable required inputs for non-admins:https://community.splunk.com/t5/Security/Can-i-restrict-permissions-for-the-text-box-drilldown-input.... In your case you would need to hide the Open in Search link.
<init>
<set token="searchShowHideCSS">visibility: hidden !important;</set>
</init>
<search>
<progress>
<!-- No Results Found - Hence admin role is attached with logged in user enable Open in Search Link-->
<condition match="$job.resultCount$==0">
<set token="searchShowHideCSS"></set>
</condition>
<!-- Hence admin role is not attached with logged in user -->
<condition>
<set token="searchShowHideCSS">visibility: hidden !important;</set>
</condition>
</progress>
<query>| rest splunk_server=local /services/authentication/current-context
| fields username roles
| eval roles=mvjoin(roles,",")
| search roles!="admin"</query>
<earliest>$earliest$</earliest>
<latest>$latest$</latest>
</search>
<row depends="$alwaysHideCSSPanel$">
<panel>
<html>
<style>
a[data-original-title="Open in Search"]{
$searchShowHideCSS$
}
</style>
</html>
</panel>
</row>For the second question you may have to provide more details. If you can provide users with results from a predefined Report or Scheduled search you can use the loadjob command, hence abstracting the underlying search. Users can have access to the report but not to search.
| makeresults | eval message= "Happy Splunking!!!"
It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!
Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>
Or Learn More in Our Blog >>
