Dashboards & Visualizations

Javascript SDK visualizations without putting credentials in code?

Splunk Employee
Splunk Employee

What isn't immediately apparent from looking at the Javascript SDK web examples are how to enable things like the Timeline and Charting views in your own application without distributing Splunk login credentials in code? Does anyone have a good idea on the best method of accomplishing this? I've thought of a proxying the connections to the Splunk server and trapping for login events and overriding credentials in the proxy, but that seems excessive.

Seems like there should be some way of tokenizing login so a publicly accessible web application could access data in Splunk without having to deal with credentials. OAuth support maybe in the future?

Tags (2)
1 Solution

Splunk Employee
Splunk Employee

Greg's answer is pretty accurate. I'm the developer of the JS SDK - I'll sum up the options that I see for what you want to do:

  1. Hard-code the values in the JS code. You can make it with a public account with limited access, as Greg suggested.
  2. Have a secondary server (say, your website server) do the login for you, and simply pass down the session key, which you can use without a username and password. That way the username/password credentials are only in the back-end.
  3. Have a proxy between you and Splunk that will take all calls to Splunk and simply add in the username/password information.
  4. Have the user supply you with credentials (e.g. their Splunk credentials), assuming that they have one.

Let me know if any of these options don't make sense or you need any help with one of them. You can get in touch with my team at devinfo@splunk.com.

View solution in original post

Splunk Employee
Splunk Employee

Greg's answer is pretty accurate. I'm the developer of the JS SDK - I'll sum up the options that I see for what you want to do:

  1. Hard-code the values in the JS code. You can make it with a public account with limited access, as Greg suggested.
  2. Have a secondary server (say, your website server) do the login for you, and simply pass down the session key, which you can use without a username and password. That way the username/password credentials are only in the back-end.
  3. Have a proxy between you and Splunk that will take all calls to Splunk and simply add in the username/password information.
  4. Have the user supply you with credentials (e.g. their Splunk credentials), assuming that they have one.

Let me know if any of these options don't make sense or you need any help with one of them. You can get in touch with my team at devinfo@splunk.com.

View solution in original post

Splunk Employee
Splunk Employee

It's probably easiest for now to just create a public account and code the credentials. it's probably possible in theory to leverage the Splunk SSO functionality to authenticate w/o providing a password, but it's probably a bit involved and would require setting up a dedicated search head instance and configuration for each client, which means, yes, you'll have to have some kind of application server or proxy in place if you're going to have make the javascript calls straight from the browser.

Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!