user context with javascript

gpburgett
Splunk Employee

I'm working on an idea for trying to add the current user info to a search string so that I can control search parameters more granularly on a per user basis. The idea is to add a hidden string to the search behind the scenes in the view xml, which will then be replaced by the current user name. Then I can use eval case() or a lookup table to add/change user specific parameters.

I don't know Javascript very well at all, but I've poked around Answers and the new documentation and I've patched together a script that should theoretically grab the current username from the AccountBar module and then replace it into my search string (see sample code below). But it doesn't seem to be working. It may be a problem with my script or it could be that I'm not implementing it properly in the xml. Please let me know if I'm on the right track or if there's a better way to go about doing this. Thanks!

var lastKnownUser = 'unknown';

// Read the user name from the AccountBar text ("Logged in as <name>").
function getUserName() {
    var text = jQuery('.accountBarItems').text();
    var r = /Logged in as (\S+)/;
    var matches = r.exec(text);
    if (matches) {
        lastKnownUser = matches[1];
    }
    return lastKnownUser;
}

// Replace the literal $USER$ token in the search string with the user name.
function applyUserContext(string, user) {
    var replacer = /\$USER\$/;
    string = Splunk.util.replaceTokens(string, replacer, user);
    return string;
}

// Only patch NullModule on the 'username_test' view.
if (Splunk.util.getCurrentView() == 'username_test') {
    if (Splunk.Module.NullModule) {
        Splunk.Module.NullModule = $.klass(Splunk.Module.NullModule, {
            getModifiedContext: function() {
                var context = this.getContext();
                var search = context.get("search");
                var user = getUserName();
                search = applyUserContext(search, user);
                context.set("search", search);
                return context;
            }
        });
    }
}

sideview
SplunkTrust

You're more or less on the right track. The main problem I see here is that the 'search' is not actually a string. It implements toString() so it looks like a string, and it's certainly easy to think of it as a string. And certainly all of the other context key arguments are strings, so I can see how you'd think that.

However it's an object. More specifically it's an instance of Splunk.Search.

So when you do context.set("search", search), and you actually set it to a string value, things downstream will derail badly. Probably there are a bunch of javascript errors in the console.

There is actually a little documentation around this stuff now. http://dev.splunk.com/view/SP-CAAADQV . What you want to look at specifically is the setBaseSearch() method.

And if you're going down this road of using NullModule to inject custom javascript, you probably want to at least take a look at Sideview Utils. That app, among other things, gives you a CustomBehavior module, and all of the Sideview modules themselves take customBehavior params, and this makes it a little more flexible and a little less brittle to wire up your app with custom behaviors.

http://splunk-base.splunk.com/apps/22279/sideview-utils

UPDATE:

1) You should delete your entire 'getUserName' function and replace it with this:

Splunk.util.getConfigValue("USERNAME")

2) Since this answer, Sideview Utils 2.0 is out, and although it's no longer free, it has a lot of new features and modules that the old version does not. Email me with any questions or for pricing details. http://sideviewapps.com/apps/sideview-utils/
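
The fix the answer describes, as an added example that is not part of the original thread: the search stays an object, its text is rewritten through setBaseSearch(), and the same object goes back into the context. FakeSearch, FakeContext, splQuote and addUserToContext are hypothetical names; the two Fake classes are constructed stand-ins that model only the methods named above so the code runs outside Splunk, and the example assumes the $USER$ token sits where SPL expects a double-quoted string.

```javascript
// Constructed stand-ins for the legacy Splunk UI objects (not Splunk's own code).
function FakeSearch(q) { this._q = q; }
FakeSearch.prototype.toString = function () { return this._q; };
FakeSearch.prototype.setBaseSearch = function (q) { this._q = q; };

function FakeContext(search) { this._v = { search: search }; }
FakeContext.prototype.get = function (k) { return this._v[k]; };
FakeContext.prototype.set = function (k, v) { this._v[k] = v; };

// Quote a value as a double-quoted SPL string so a name containing quotes
// or backslashes cannot change the structure of the search.
function splQuote(value) {
  return '"' + String(value).replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Replace every $USER$ token with the quoted user name. A function replacer
// is used so "$&" or "$1" inside a name is not read as a replacement pattern.
function applyUserContext(searchText, user) {
  var quoted = splQuote(user);
  return searchText.replace(/\$USER\$/g, function () { return quoted; });
}

// Body for a getModifiedContext() override: edit the search object in place
// instead of overwriting the "search" key with a plain string.
function addUserToContext(context, user) {
  var search = context.get("search");   // Splunk.Search-like object, not a string
  search.setBaseSearch(applyUserContext(search.toString(), user));
  context.set("search", search);        // downstream modules still get an object
  return context;
}

// Constructed sample search and user name. In a Splunk view the user would
// come from Splunk.util.getConfigValue("USERNAME").
var sample = new FakeSearch('index=web | eval viewer=$USER$ | lookup user_params viewer');
var ctx = addUserToContext(new FakeContext(sample), 'gp"burgett');
console.log(ctx.get("search").toString());
```

Because the substitution runs in the browser, it tailors the search rather than restricting it; limits that must hold per user belong in server-side role search filters.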
