Here is what I did, probably a cleaner way to do it..   🙂   I removed my domain and replaced my specific items with XXXXXX     my splunk is on port 8000 locally server { listen [::]:443 ssl http2; listen 443 ssl http2; server_name dashboard.yourdomain.com; access_log logs/dashboard.log default; ssl_session_timeout 10m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate ssl/XXXX.pem; ssl_certificate_key ssl/XXXX.pem; ssl_session_cache shared:SSL:10m; location ^~ /en-US/account { return 302 https://dashboard.yourdomain.com; } location ^~ /en-US/app/search/search { return 404; } location ^~ /en-US/app/launcher { return 404; } location ^~ /en-US/app/search/reports { return 404; } location ^~ /en-US/app/search/datasets { return 404; } location ^~ /en-US/app/search/alerts { return 404; } location ^~ /en-US/app/search/dashboards { return 404; } location = / { proxy_pass http://127.0.0.1:8000/en-US/account/insecurelogin?return_to=%2Fen-US%2Fapp%2Fsearch%2Fdashboard__historical_html?loginType=splunk&username=YOURUSERNAME&password=YOURPASSWORD; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; sub_filter ':8000' ''; ## SECURITY SETTINGS ## add_header Referrer-Policy "same-origin"; add_header Feature-Policy " "; add_header Strict-Transport-Security "max-age=31536000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header Content-Security-Policy "default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';" always; } location / { proxy_pass http://127.0.0.1:8000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; sub_filter ':8000' ''; ## SECURITY SETTINGS ## add_header Referrer-Policy "same-origin"; add_header Feature-Policy " "; add_header Strict-Transport-Security "max-age=31536000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header Content-Security-Policy "default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';" always; } }     ... View more

yes.....  ish......        was not ideal, but I used nginx as a reverse proxy..     I let nginx send the basic auth in the url to the actual splunk server...   then nginx proxies the splung pages back to the user..   then i use nginx to block access to any other page that the dashboard user didnt need access to just to be extra safe.    It's not idea or clean, but it works.      ... View more

Here is what I had to change for anyone else looking,   had to add " " to the token=XXXX value, and had to put the <done> block within the <search> blocks.    Thanks Rich.   <row> <panel> <single> <title>Server Pending Payout</title> <search> <query>index="signa_pool" name!="Pir8Radio"| stats sum(pendingBalanceNum) as PendingBalance</query> <earliest>-2m</earliest> <latest>now</latest> <done> <set token="Panel1Value">$result.PendingBalance$</set> </done> </search> <option name="drilldown">none</option> <option name="numberPrecision">0.000</option> <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="refresh.display">progressbar</option> <option name="unit">SIGNA</option> </single> </panel> <panel> <single> <title>Pool Account Balance</title> <search> <query>index="signum_node" | stats latest(guaranteedBalanceNQT) as PoolBal | eval PoolBal=round(PoolBal/100000000,4)</query> <earliest>-2m</earliest> <latest>now</latest> <done> <set token="Panel2Value">$result.PoolBal$</set> </done> </search> <option name="drilldown">none</option> <option name="height">114</option> <option name="numberPrecision">0.000</option> <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="refresh.display">progressbar</option> <option name="unit">SIGNA</option> </single> </panel> <panel> <single> <title>Pool Excess</title> <search> <query>| makeresults | eval Excess=$Panel2Value$ - $Panel1Value$</query> <earliest>-2m</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> <option name="height">111</option> <option name="numberPrecision">0.000</option> <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="refresh.display">progressbar</option> <option name="unit">SIGNA</option> </single> </panel> </row> <row>     ... View more

embedded reports are not the same as dashboard.   OP wanted a way to display a DASHBOARD without login.   Embedded reports are just that, reports, you can not display live real time data.    SO, how do you display a dashboard without having to login?  ... View more

the URL you couldn't reach was a url you posted.   its broken. is what he was saying. your message: Hi Arun_N_007, this is possible if Splunk is configured for integration with Active Directory: it's possible to configure browser to execute automatic login using users account for authentication. In othe words: user does logon to AD domain when open his own computer ( “joined” to the domain). When user will connect to Splunk using own browser (configured as described in the following URL), he will not have to type his credentials again. https://prdsoftware.com/helpmasterlive/KnowledgeBase/kbarticle.aspx?view=107 Obviously this functionality runs only with a Splunk Enterprise License, it doesn't run with a free license ... View more

looks like it is working with the below config.. thank you!  😄    ... View more

it will not let me set "should_linemerge=true" with line_breaker set to  }(\,){\"address\" ... View more

Then please include instructions how to do that in windows splunk. ... View more

Hope i made sense. 🙂 ... View more

I am using splunk REST plugin to grab json data.   Plugin may strip raw info i am not sure.  But here is the real API json data:  https://signapool.notallmine.net/api/getMiners @kamlesh_vaghela  If you can make input work with raw json i can just write a script that grabs json and puts it into a text file every 2 mins and not use REST plugin. ... View more

This is how i have it configured today, but it only grabs the first user "Pir8radio" ignores the rest.   And this is result, but result is only the first array item. not the rest of them.       ... View more

I guess the community isnt as active any more..  😞   ... View more

must be harder than i thought.......  🙂 ... View more

this post, almost addresses what i'm trying to do, but it only supplies me with the first user record..    https://community.splunk.com/t5/Getting-Data-In/How-to-split-a-json-array-into-multiple-events-with-separate/m-p/139855/highlight/false#M28742               I need it to break out the 20 items in the string, not just give me the first one ... View more

I am in need of this exact solution, except it appears to stop after the first match in a json string?  How do i prevent that?   for example if you look at the original post there are multiple "TEST" in that single json string.  I need to break these out into three records...  your response works but only on the first record.  any ideas? ... View more

So each user has stats, in the original post that shows just my user "pir8radio"  (shown below) I need to be able to create dashboards off of the user stats.      Below  the address and addressRS represent one user..   Everything else is his data.     So my user   S-GJ9C-T2EF-C82A-8EZPD   is also know as 7338594461977886954 or by name: Pir8Radio, has a pending balance of 0 Signa, a total capacity of 80.xxxxx  etc etc..    This data is grabbed by splunk every 2 mins.     I need to chart based on this data.   filtered however i filter it on the dashboard.   normal splunk usage..    my issue is that there are multiple users data polled every 2 mins in one json response..  so i need to tie all of the info below as one record, then the next user as another record, then i can break out the fileds per record.      { "address":"7338594461977886954", "addressRS":"S-GJ9C-T2EF-C82A-8EZPD", "pendingBalance":"0 SIGNA", "totalCapacity":80.04373488882364, "totalEffectiveCapacity":64.44006329147014, "commitment":"2467.564 SIGNA", "committedBalance":"159010 SIGNA", "boost":0.4127924541887127, "boostPool":0.6147618784432624, "sharedCapacity":64.44006329147014, "sharePercent":100, "donationPercent":1, "nConf":120, "share":0.4091681714251888, "minimumPayout":"10 SIGNA", "currentRoundBestDeadline":"511", "name":"Pir8Radio", "userAgent":"signum-miner/1.8.0" }          So when you poll that url, you get like 20 of the above all back to back in a single JSON response.   i need to break them out into 20 records not one record with 20 users in it..   Not sure im explaining well..     copy paste the above 20 times back to back and that is what splunk ingests every 2 mins.      So in splunk i see this:  Instead of one record with 1 result each for each item miners{}.address , miners{}.addressRS , pendingBalance  etc... ... View more

Ok, anyone else? 🙂 ... View more

here is the actual json request as it gets logged in splunk.    https://signapool.notallmine.net/api/getMiners ... View more

I have an index, and im ingesting json using the REST plugin. so every poll i get a big json chunk with all the users...  SPluk can id the different fields but not associate each stat with each user..  so right now my index has big chunks with all users as one entry.   I can wipe out the stored data and start over.. that is fine.  i just started logging.  If that makes sense.   so if thats just a search i'll give it a go   ... View more

Using windows...  so don't laugh but how do I add this in..  Most of you guys edit configs directly..  get me started and ill make it happen lol.  Thank you for the fast response by the way. ... View more

Did not work    😞   Seems to be an issue here somewhere: | stats sum(eval(if('usage_info.d_w'>=0,1,0))) as d_samples sum(eval(if('usage_info.solar_w'>=0,1,0))) as solar_samples as samples sum(usage_info.d_w) as d_watt_sum sum(usage_info.solar_w) as solar_watt_sum by _time ... View more