Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I get the settings menu back in Splunk Web?

techn0gichida
Explorer
‎09-21-2016 10:21 AM

The settings dropdown menu only shows the DMC? I don't how it got this way. I was trying to restore some views on reports and ran the refresh options for nav and view.

alt text

Labels (1)
Labels
Preview file
1 KB
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎09-21-2016 10:27 AM

Very interesting. It is not widely known but the admin section is actually extremely dynamic, and is controlled in large part by all the XML files you'll find in etc/apps/search/default/data/ui/manager/ The files there are a part of EAI, which stands for Extensible Administration Interface, and the "eai" prefix that you see in certain places in the rest api still. It is indeed extensible, and you can see some apps like DBConnect do indeed extend it quite powerfully.

Also the refresh endpoints I believe are able to refresh those XML files from disk. It's possible that Splunk was unable to reach those files at the moment when you hit the refresh endpoint? Perhaps verify that all those xml files are actually there in the right place and hit the refresh endpoint again ?

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎09-21-2016 10:27 AM

Very interesting. It is not widely known but the admin section is actually extremely dynamic, and is controlled in large part by all the XML files you'll find in etc/apps/search/default/data/ui/manager/ The files there are a part of EAI, which stands for Extensible Administration Interface, and the "eai" prefix that you see in certain places in the rest api still. It is indeed extensible, and you can see some apps like DBConnect do indeed extend it quite powerfully.

Also the refresh endpoints I believe are able to refresh those XML files from disk. It's possible that Splunk was unable to reach those files at the moment when you hit the refresh endpoint? Perhaps verify that all those xml files are actually there in the right place and hit the refresh endpoint again ?

Reply
Solved! Jump to solution

techn0gichida
Explorer
‎09-21-2016 11:58 AM

I did find that the entire default directory was missing. I've restored from fresh install of the same Splunk version.

Are http://splunk/en-US/debug/refresh?entity=/data/ui/nav and http://splunk/en-US/debug/refresh?entity=/data/ui/view the correct endpoint to refresh?

Thanks,
Jim

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎09-21-2016 12:06 PM

Great - I believe the relevant refresh endpoint is actually http://splunk/en-US/debug/refresh?entity=/admin/manager

/data/ui/nav refreshes all the */data/ui/nav/default.xml files from all apps.

/data/ui/views refreshes all the */data/ui/views/*.xml from all apps.

When in doubt, you can just hit the refresh endpoint with no entity specified and it can take a really long time on some platforms, but it will refresh them all.

Reply
Solved! Jump to solution

ridwanahmed
Path Finder
‎05-20-2020 07:10 PM

if I'm going to http://mySplunk:8000/en-US/debug/refresh?entity=/data/ui/view, suggestions on where to look next? I've checked all the files in /etc/apps/search/.../views/manager are have 644 permissions, owned by splunk.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<response>
<link type="text/css" id="dark-mode" rel="stylesheet" href=""/>
<style type="text/css" id="dark-mode-custom-style"/>
<messages>
<msg type="ERROR">Forbidden</msg>
</messages>
</response>
0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎06-01-2020 03:15 PM

Ah thanks - sorry there was a typo in my response. The URL is
http://splunk/en-US/debug/refresh?entity=/data/ui/views

and it was missing the "s" on the end, which is why you were getting that error. Add the "s" and it will work. Also I will go and edit my comment above to fix that typo.

0 Karma
Reply
Solved! Jump to solution

techn0gichida
Explorer
‎09-21-2016 01:27 PM

Thank you very. This did bring back the all the settings. Hate to be a bother but can you tell me how I get the files in /etc/apps/search/local/data/ui/views to be seen? I don't see the dashboards.

Thanks,
Jim

0 Karma
Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎09-21-2016 04:02 PM

Hi @techn0gichida - If @sideview was able to answer your question, please don't forget to resolve the post by clicking "Accept" below the answer. Thank you!

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎09-21-2016 01:39 PM

No problem - just hit http://splunk/en-US/debug/refresh?entity=/data/ui/views and that will refresh all the views aka dashboards.

0 Karma
Reply
Solved! Jump to solution

techn0gichida
Explorer
‎09-21-2016 04:50 PM

I did that refresh but dashboards in the location still do not show up. Maybe if I move them to another location it might pick them up?

Thanks,
Jim

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...