Dashboards & Visualizations

Is there a common place to save javascript?

edoardo_vicendo
Contributor

Hi All,

We are customizing the Splunk Web Pages to disable edit buttons, to avoid a specific user can create dashboards and so on.
Instead of loading the javascript we designed in each dashboard XML, is there some folder where we can put our javascript so that it will be always executed?

Thanks a lot,
Edoardo

jeffland
SplunkTrust
SplunkTrust

Just to add to the discussion: by using either dashboard attributes, dashboard.js for your entire app or custom js on each dashboard, you do not prevent anyone from creating or editing dashboards, nor from navigating to places they shouldn't. You're only hiding the convenient browser link to do those things.
If you really want to prevent users from creating dashboards, you'll have to disable their write access to the app the dashboards are in. And if you want to prevent users from navigating to other apps, you need to disable their read access to them (they will no longer show up in the app drawer as well). The permissions of your roles govern everything you are allowed to do, hiding buttons doesn't change your abilities. For example, anyone can navigate to your_splunk/your_lang/your_app/search even without the entry in your navigation xml, and anyone can add /edit to the end of a dashboard url to go into edit mode, as long as their permissions allow them to do that. Remember that your js is executed on the client side? Imagine someone just disabling your "hide all important things"-js, or changing it so that it shows certain stuff.

PS: i just realized that @niketnilay mentions this in the last part of the answer he linked to in his comment here. I just want to emphasize that if you have to rely on these settings, there's no way around role based configuration.

0 Karma

jconger
Splunk Employee
Splunk Employee

You can use a single JavaScript file at the app level. Just place a file named dashboard.js in $SPLUNK_HOME/etc/apps/your_app/appserver/static Every dashboard in your app will execute this JavaScript without any modifications to the actual dashboard. Making this global for all applications would involved either:

  1. Ensuring all your apps have a dashboard.js file that load loads other JavaScript
  2. Messing with $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed I would stay away from this option though as it won't be upgrade safe.

edoardo_vicendo
Contributor

@jconger
I tried also with option 2.
Inspecting the page with Chrome DevTools Overview (F12 button) I realized that the highest element in the page (The black Splunk bar where "Messages", "Settings" menu appears) is located here:

views/shared/splunkbar/Master

So then I found in my local machine that the file is at the following path:

C:\Program Files\Splunk\share\splunk\search_mrsparkle\exposed\js\views\shared\splunkbar\Master.html

After that I tried to modify the Master.html adding a script tag to display a message in the console:

<script type="text/javascript">
    console.log("[1] Test");
</script>

Cleaned the browser cache and restarted the Splunk Server but nothing appears...
Do you know if I am doing something wrong?

Thanks a lot,
Edoardo

edoardo_vicendo
Contributor

@jconger thanks for your feedback

I just tried the option 1, this applied to all the Dashboards, but when you click on the "Dashboard" button you are redirected to the Dashboard list page where I can again see all the buttons "Search", "Datasets" etc... and also "Create New Dashboard", so I was looking for some folder/some way where my javascript will be applied to all the pages of that specific application.

0 Karma

niketn
Legend

@edoardo_vicendone any reasons for not using built in Dashboard attributes to hide Splunk Bar, App Bar, Title, Edit, Footer etc based on your needs? http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#dashboard_or_f...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

edoardo_vicendo
Contributor

@niketnilay thanks for your feedback
We went trought the solution of using Dashboard attributes (hideChrome, hideAppBar, hideEdit etc..) but this does not prevent a simple user to go in the Search box and write his own queries or to save his own dashboard or to navigate in all the Splunk menus.

For that reason we would like to customize the views so that the users will be read only.
In order to reach this target we have designed a javascript that based on the user role hide/remove elements from the page.

Now instead of having it loaded in the Dashboard XML we would like to put in some "root" place where it is always executed.

Thanks a lot,
Edoardo

0 Karma

niketn
Legend

By editing Splunk Navigation default.xml file for your app you can remove Search option. Also, if you hideAppBar App Navigation will be hidden i.e. Search menu should not be displayed. You can create your own navigation menu using html panel and CSS (hopefully pre-built panel). Refer to the following answer of mine for restricting User Access permissions including the JavaScript based access restriction that you are talking about: https://answers.splunk.com/answers/588779/whats-the-best-way-to-limit-a-role-so-it-only-has.html
Also reference to my other answer to create navigation using Prebuilt HTML Panel instead of using Splunk Navigation. Further if your dashboard drilldown open Search, you can create your own Dashboard using Splunk JS stack to mimic Search screen instead and set drilldown to Search dashboard instead of Splunk Search UI.

There can be only one JavaScript that can prevent/allow user access based on role. But as far as I know if has to be explicitly added using script attribute in dashboard/form's root node.

I will leave this question as unanswered for others to suggest the option you are looking for.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

edoardo_vicendo
Contributor

@niketnilay thanks again for your feedback

I read all the option of your post, expecially the one mentioned at point 5.
We designed a javascript, placing it in $SPLUNK_HOME$/etc/apps//appserver/static, with a searchmanager that inquiry a lookup table where is defined what the user can view. Suppose admin will not have any limitation, but a simple user will not have to see the edit button. In the table the column hideEditButton will be equal to true for that user, so that then in the javascript we will hide the edit button (using jQuery having selected the edit button from the DOM).

Our Splunk instance has several applications (Search & Reporting, ITSI etc..), so we are looking for a place where we can put our javascript in order it will be always executed, not only embedded in the dashboards, in order to customize the view, based on our needs, for each application.
One root folder for each app would be enought (that would mean one javsacript deployed for Search & reporting, one javascript for ITSI, etc..).

Do you know if this is feasible?

Thanks a lot,
Edoardo

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...