- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How To Hide The Search Bar
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
I have a question.
When I view a chart and I decide to click 'View results', it takes me to a flashtimeline page which displays the results in a table along with the actual search that produced those results.
How can I disable this search bar from being displayed in this situation? When I click 'View Results' from a chart, I do not want other users of my Splunk instance to see the search which created the chart.
Any info on this is greatly appreciated. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To hide the search bar, you will need to use the Advanced XML syntax.
First, create a new view to drill into. If you want, you can clone flashtimeline and then just remove the SearchBar module and it's param entries. You'll also need to add layoutPanel="splSearchControls-inline" back onto the TimeRangePicker module, since you removed the layoutPanel assignment when you removed the SearchBar.
Then modify your existing view (the one you want to drilldown from):
?showsource=1 to convert it to Advanced XML.
viewTarget from "flashtimeline" to your new view:<module name="SimpleResultsTable">
<param name="drilldown">row</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline2</param>
</module>
</module>
</module>
This will still leave the search string exposed in the URL, however. If you need to hide more of it, you might try saving the search and calling it from the dashboards via | savedsearch, or using search macros to hide some elements.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Edit this line in $SPLUNK_HOME$\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\controllers\module.py
su.quoteattr("Splunk.window.openJobInspector('%s');return
false;" % sid.replace("'",
"")),_('Inspect ...')
comment out inspect and add ('.') so it reads like this
su.quoteattr("Splunk.window.openJobInspector('%s');return
false;" % sid.replace("'",
"")),_('.')
this gives you what we call the magic dot. It is clickable and will take you to the flashtimeline but the user will never notice.
Comment this line in $SPLUNK_HOME$\share\splunk\search_mrsparkle\modules\search\ViewRedirectorLink.html
and add this line
You will get the same result.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To hide the search bar, you will need to use the Advanced XML syntax.
First, create a new view to drill into. If you want, you can clone flashtimeline and then just remove the SearchBar module and it's param entries. You'll also need to add layoutPanel="splSearchControls-inline" back onto the TimeRangePicker module, since you removed the layoutPanel assignment when you removed the SearchBar.
Then modify your existing view (the one you want to drilldown from):
?showsource=1 to convert it to Advanced XML.
viewTarget from "flashtimeline" to your new view:<module name="SimpleResultsTable">
<param name="drilldown">row</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline2</param>
</module>
</module>
</module>
This will still leave the search string exposed in the URL, however. If you need to hide more of it, you might try saving the search and calling it from the dashboards via | savedsearch, or using search macros to hide some elements.
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
