Dashboards & Visualizations

Is it possible to create a dashboard view that can be accessed without logging in?

williamholder
Explorer

Is it possible to create a dashboard view that can be accessed without logging in?
I would like to display a dashboard showing website monitoring on a central screen in the office without needing to enter a username and password.

Labels (1)
1 Solution

ChrisG
Splunk Employee
Splunk Employee

You can use the embedded report feature to put your scheduled reports into any HTML web page, see Embed scheduled reports in the Reporting Manual. See the Additional configuration for embedded reports topic also.

View solution in original post

bandit
Motivator

As of 2019, Splunk Connected Experiences is available. https://www.splunk.com/en_us/resources/videos/splunk-connected-experiences.html Part of that suite is Splunk TV which presently allows you to use an app on an Apple TV streaming device (https://www.apple.com/tv/) to view Splunk dashboards and setup slideshows.

At a high level, you have to install Splunk Cloud Gateway https://splunkbase.splunk.com/app/4250 on to your search head or search cluster, enable the Splunk TV feature, and select which apps are visible.

You then have to install Splunk TV on your Apple TV Device, get a device registration code, and register it in the Splunk Cloud Gateway app on your search head.

Once connected, you can choose which dashboards to group together into a slideshow from the Splunk TV App on your Splunk TV.
Most dashboards are compatible, and it even has a nifty feature of auto-scrolling through larger dashboards,

0 Karma

fmpa_isaac
Path Finder

Hello, I don't see the embed option available to Dashboards. Is that available also?

0 Karma

ChrisG
Splunk Employee
Splunk Employee

You can use the embedded report feature to put your scheduled reports into any HTML web page, see Embed scheduled reports in the Reporting Manual. See the Additional configuration for embedded reports topic also.

pir8radio
Path Finder

embedded reports are not the same as dashboard.   OP wanted a way to display a DASHBOARD without login.   Embedded reports are just that, reports, you can not display live real time data.    SO, how do you display a dashboard without having to login? 

0 Karma

dm1
Contributor

did you get any solution for this ?

0 Karma

pir8radio
Path Finder

yes.....  ish......        was not ideal, but I used nginx as a reverse proxy..     I let nginx send the basic auth in the url to the actual splunk server...   then nginx proxies the splung pages back to the user..   then i use nginx to block access to any other page that the dashboard user didnt need access to just to be extra safe.    It's not idea or clean, but it works.     

0 Karma

sddunne
Explorer

Hey - that's a neat workaround, we are doing something very similar with DataDog to add a layer of security to the public dashboards by enabling the IP whitelist feature and then whitelisting NGINX. 

I'm keen to try your solution for Splunk Dashboards and wondered if you would be willing to share an example of the NGINX config you are using to do this? 

Many thanks,
Sean.

0 Karma

pir8radio
Path Finder

Here is what I did, probably a cleaner way to do it..   🙂   I removed my domain and replaced my specific items with XXXXXX     my splunk is on port 8000 locally

server {
   	listen [::]:443 ssl http2;
    	listen 443 ssl http2;
	server_name dashboard.yourdomain.com;

	access_log  logs/dashboard.log  default;

        ssl_session_timeout 10m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      ssl/XXXX.pem;
	ssl_certificate_key  ssl/XXXX.pem;
        ssl_session_cache shared:SSL:10m;

location ^~ /en-US/account {
 return      302 https://dashboard.yourdomain.com;
}
location ^~ /en-US/app/search/search {
  return 404;
}
location ^~ /en-US/app/launcher {
  return 404;
}
location ^~ /en-US/app/search/reports {
  return 404;
}
location ^~ /en-US/app/search/datasets {
  return 404;
}
location ^~ /en-US/app/search/alerts {
  return 404;
}
location ^~ /en-US/app/search/dashboards {
  return 404;
}
	location = / {
	proxy_pass http://127.0.0.1:8000/en-US/account/insecurelogin?return_to=%2Fen-US%2Fapp%2Fsearch%2Fdashboard__historical_html?loginType=splunk&username=YOURUSERNAME&password=YOURPASSWORD;

	proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	sub_filter ':8000'  '';

     ## SECURITY SETTINGS ##
	add_header Referrer-Policy "same-origin";
	add_header Feature-Policy " ";
	add_header Strict-Transport-Security "max-age=31536000; preload" always;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header Content-Security-Policy "default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';" always;
}

	location / {
	proxy_pass http://127.0.0.1:8000;
	proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	sub_filter ':8000'  '';

     ## SECURITY SETTINGS ##
	add_header Referrer-Policy "same-origin";
	add_header Feature-Policy " ";
	add_header Strict-Transport-Security "max-age=31536000; preload" always;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header Content-Security-Policy "default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';" always;
}
}

   

0 Karma

sddunne
Explorer

Wow, thanks, that's amazing! Next step for me is to request insecurelogin get enabled! 

Thanks v much!

Sean.

0 Karma

dm1
Contributor

right. We are also following this same method for one dashboard (lets call it - /ABC) that is on a dedicated search head. At the same time, there is another team that accesses another dashboard(/DEF) on another dedicated search head via NGINX but without basic auth. They have to use Splunk auth to access DEF dashboard.

now lets suppose, we are merging both dashboards (ABC & DEF) on same search head and we want to still maintain the same method of access, in that case, how can we achieve that ?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...