In simple xml, you could do this:
You can hide the tool bar using css to prevent users from accessing to the search.
.dashboard-row2 .paxnel-footer {
display: none;
}
Then deactivate any drilldown in your view
Sorry, out of idea 🙂
No sorry but does not help in my case.
Maybe should you encrypt events instead of trying to protect the search string ?
It seems you could use a search string with masked (under custom patterns) arguments
Look at:
http://blogs.splunk.com/2010/01/25/encrypting-and-decrypting-fields/
Note sure it's relevant for your case but maybe a way for you
The problem is that the arguments are the security vulnerability. So if the arguments can be changed also the search macro is senseless. But thank you for the suggestion.
Hi, You could use a macro which contains your search string, and the use it in your view.
You'll have to deal with arguments, but it will do the trick.
For example, the search:
index=_internal | stats count by host
Would be masked under the macro "foo", and you would call it with:
foo
That was a good idea guilmxm but I need a server side manipulation or encryption of the link. Are there any suggestions?
No, in simple xml.
Create a css file you put in $SPLUNK_HOME/etc/apps/
Put your css code, and restart at least Splunk Web (./splunk restart splunkweb)
Then in your view, edit the xml code (using the integrated editor) and add the stylesheet after the form or dashboard pattern:
Refresh the page, sometimes it's may be a good idea to clean your browser cache.
Sorry I do not know where I can set this css code in simple xml! Do you mean advanced xml?
Hello is it possible to encrypt the link?
I found the reason why the search string is embedded in the link. It is embedded if an input like $new_time$ is part of the search string. Sorry but I had to delete the rest of the dashboard xml. But I need the inputs without having the search string in the link.
Greetings
Can you provide your dashboard xml?