Security

user context with javascript

Splunk Employee
Splunk Employee

I'm working on an idea for trying to add the current user info to a search string so that I can control search parameters more granularly on a per user basis. The idea is to add a hidden string to the search behind the scenes in the view xml, which will then be replaced by the current user name. Then I can use eval case() or a lookup table to add/change user specific parameters.

I don't know Javascript very well at all, but I've poked around Answers and the new documentation and I've patched together a script that should theoretically grab the current username from the AccountBar module and then replace it into my search string (see sample code below). But it doesn't seem to be working. It may be a problem with my script or it could be that I'm not implementing it properly in the xml. Please let me know if I'm on the right track or if there's a better way to go about doing this. Thanks!

lastKnownUser = 'unknown'
function getUserName() {
     text = jQuery('.accountBarItems').text()
     r = /Logged in as (\S+)/
     matches = r.exec(text)
     if (matches) {
          lastKnownUser = matches[1];
     }
     return lastKnownUser;
}
function applyUserContext(string, user) {
     var replacer = new RegExp("\$\USER\$");    
     string = Splunk.util.replaceTokens(string, replacer, user);
     return string;
}
if (Splunk.util.getCurrentView() == 'username_test') {
if (Splunk.Module.NullModule) {
    Splunk.Module.NullModule = $.klass(Splunk.Module.NullModule, {
        getModifiedContext: function() {
            var context = this.getContext();
             var search = context.get("search");
             var user = getUserName();
             search = applyUserContext(search, user);
             context.set("search", search);
             return context;
             }
         });
     }
     break;
}
Tags (3)
1 Solution

SplunkTrust
SplunkTrust

You're more or less on the right track. The main problem I see here is that the 'search' is not actually a string. It implements toString() so it looks like a string, and it's certainly easy to think of it as a string. And certainly all of the other context key arguments are strings, so i can see how you'd think that.

However it's an object. More specifically it's an instance of Splunk.Search.

So when you do context.set("search", search), and you actually set it to a string value, things downstream will derail badly. Probably there are a bunch of javascript errors in the console.

There is actually a little documentation around this stuff now. http://dev.splunk.com/view/SP-CAAADQV . What you want to look at specifically is the setBaseSearch() method.

And if you're going down this road of using NullModule to inject custom javascript, you probably want to at least take a look at Sideview Utils. that app among other things gives you a CustomBehavior module, and all of the Sideview modules themselves take customBehavior params, and this makes it a little more flexible and a little less brittle to wire up your app with custom behaviors.

http://splunk-base.splunk.com/apps/22279/sideview-utils

UPDATE:

1) You should delete your entire 'getUserName' function and replace it with this:

Splunk.util.getConfigValue("USERNAME")

2) Since this answer Sideview Utils 2.0 is out, and although it's no longer free, it has a lot of new features and modules that the old version does not. Email me with any question or for pricing details. http://sideviewapps.com/apps/sideview-utils/

View solution in original post

SplunkTrust
SplunkTrust

You're more or less on the right track. The main problem I see here is that the 'search' is not actually a string. It implements toString() so it looks like a string, and it's certainly easy to think of it as a string. And certainly all of the other context key arguments are strings, so i can see how you'd think that.

However it's an object. More specifically it's an instance of Splunk.Search.

So when you do context.set("search", search), and you actually set it to a string value, things downstream will derail badly. Probably there are a bunch of javascript errors in the console.

There is actually a little documentation around this stuff now. http://dev.splunk.com/view/SP-CAAADQV . What you want to look at specifically is the setBaseSearch() method.

And if you're going down this road of using NullModule to inject custom javascript, you probably want to at least take a look at Sideview Utils. that app among other things gives you a CustomBehavior module, and all of the Sideview modules themselves take customBehavior params, and this makes it a little more flexible and a little less brittle to wire up your app with custom behaviors.

http://splunk-base.splunk.com/apps/22279/sideview-utils

UPDATE:

1) You should delete your entire 'getUserName' function and replace it with this:

Splunk.util.getConfigValue("USERNAME")

2) Since this answer Sideview Utils 2.0 is out, and although it's no longer free, it has a lot of new features and modules that the old version does not. Email me with any question or for pricing details. http://sideviewapps.com/apps/sideview-utils/

View solution in original post