Security

Adding a navigation menu

jimjohn
Path Finder

How can i add a navigation menu to search options in splunk web 6.
Ie when i click search in home page i can see pivot,report,alerts etc.
I want to add one like that .

0 Karma

lmyrefelt
Builder

It's even easier then running a lot cryptic commands;

Go " Settings - User Interface - Navigation menus " , choose Your app and you will find under "Nav Name" an option called default. This is Your app menu .

Here you can add a



It is rather well documented in the docs and in various books.

lmyrefelt
Builder

reload Your app after

0 Karma

triest
Communicator

This is actually quite easy; Splunk has pretty good documentation about how to build navigation for an app: http://docs.splunk.com/Documentation/Splunk/6.0.1/AdvancedDev/BuildNavigation

I'm not sure what platform your on, but on m Mac I ran the following commands:

#change to the base directory of the search app
# on Linux this would more likely be cd /opt/splunk/etc/apps/search
cd /Applications/Splunk/etc/apps/search

#make a local directory for the nag menu
mkdir -p local/data/ui/nav

#copy the default nag menu to the local directory
cp default/data/ui/nav/default.xml local/data/ui/nav/

#edit the local nav file to add the menu entry
vi local/data/ui/nav/default.xml

I then added <view name="foo" /> to the file so it looked like:

 <nav search_view="search" color="#65A637">
  <view name="search" default='true' />
  <view name="data_models" />
  <view name="reports" />
  <view name="alerts" />
  <view name="dashboards" />
  <view name="foo" />
</nav>

To actually see the change, you need to actually create a view called foo (e.g. mkdir -p local/data/vui/views/ && vi local/data/ui/views/foo.xml).

The other thing to watch for is I originally chose the show source view, not really caring if it made sense as I just wanted to ensure the menu item showed up. Since show source doesn't make sense as a direct link, they set isVisible="false" so the link wouldn't show up.

Finally, you may need to do a debug refresh to see the changes (e.g. add debug/refresh to the URI root for your splunk install)

lmyrefelt
Builder

I totally agree with you and it is the way i prefer to work as well, however for never People / People not used to unix will get very very confused and scared 😛

0 Karma

triest
Communicator

lmyrefelt made a good point that you can do this through the web interface; for us, using the web interface causes all sorts of issues (we're fairly large and diverse; about 5,000,000 events a day / 2TB per day license) so I tend to think this way and as a unix person I prefer editing files that I can put in version control. Either way, I think it makes good documentation as this way will always work so if anyone finds the commands cryptic or needs more guidance please let me know and I'd be happy to try and help out.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...