Activity Feed
- Karma Re: WebTools app - issues with POST bodies under version 1.2.6 for jkat54. 06-05-2020 12:50 AM
- Got Karma for WebTools App - How to make GET without basic authentication. 06-05-2020 12:50 AM
- Got Karma for Re: WebTools App - How to make GET without basic authentication. 06-05-2020 12:50 AM
- Got Karma for WebTools app - issues with POST bodies under version 1.2.6. 06-05-2020 12:50 AM
- Got Karma for Re: WebTools app - issues with POST bodies under version 1.2.6. 06-05-2020 12:50 AM
- Got Karma for Re: After upgrading Splunk from 6.0.x to 6.5.0, why are we unable to load dashboards embedded in an iframe?. 06-05-2020 12:48 AM
- Got Karma for Re: After upgrading Splunk from 6.0.x to 6.5.0, why are we unable to load dashboards embedded in an iframe?. 06-05-2020 12:48 AM
- Got Karma for Re: Splunk 6.6.0 not working with IE11 and DNS Name. 06-05-2020 12:48 AM
- Karma Splunk KV store does not start for rbal_splunk. 06-05-2020 12:47 AM
- Got Karma for Re: Limit choices in default TIMEPICKER. 06-05-2020 12:47 AM
- Got Karma for Re: Limit choices in default TIMEPICKER. 06-05-2020 12:47 AM
- Posted Re: WebTools app - issues with POST bodies under version 1.2.6 on All Apps and Add-ons. 12-19-2019 08:57 AM
- Posted WebTools app - issues with POST bodies under version 1.2.6 on All Apps and Add-ons. 12-18-2019 03:06 PM
- Tagged WebTools app - issues with POST bodies under version 1.2.6 on All Apps and Add-ons. 12-18-2019 03:06 PM
- Tagged WebTools app - issues with POST bodies under version 1.2.6 on All Apps and Add-ons. 12-18-2019 03:06 PM
- Posted Re: WebTools App - How to make GET without basic authentication on All Apps and Add-ons. 01-28-2019 08:52 AM
- Posted WebTools App - How to make GET without basic authentication on All Apps and Add-ons. 01-17-2019 10:05 AM
- Tagged WebTools App - How to make GET without basic authentication on All Apps and Add-ons. 01-17-2019 10:05 AM
- Tagged WebTools App - How to make GET without basic authentication on All Apps and Add-ons. 01-17-2019 10:05 AM
- Tagged WebTools App - How to make GET without basic authentication on All Apps and Add-ons. 01-17-2019 10:05 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 0 |
12-19-2019
08:57 AM
1 Karma
You're right, that is sufficient to fix the POST issues that I have, and is cleaner than changing three lines.
data = json.loads(result[options['datafield']])
->
data = str(result[options['datafield']])
Thanks!
... View more
12-18-2019
03:06 PM
1 Karma
Using version 1.2.6 of WebTools, I am running into into an issue where POSTs with request bodies are being rejected by the service I am calling due to invalid/mutilated JSON. When I run the exact same queries against WebTools version 1.2.2, they work fine. I see some subtle differences in the app's bin\curl.py file that I think are responsible.
Here is the high-level format of my query:
| makeresults
| eval header="{\"Content-Type\":\"application/json\"}"
| eval payload="(...)"
| curl method=post ssl=true user=(...) pass=(...) uri="(...)" datafield=payload headerfield=header debug=true
(...)
I include the "debug=true" to demonstrate a slight difference between 1.2.2 and 1.2.6/.
Under 1.2.6, a payload like this...
{ "query": { "bool": { "must": [ {"term": (...) ... results in the 'curl_data_payload' output of:
{ "query": { "bool": { "must": [ {"term": (...) However, under 1.2.6, the same payload results in the 'curl_data_payload' output of:
{ u'query': { u'bool': { u'must': [ {u'term': (...) which makes sense when I look at the bin\curl.py file and find this line:
data = json.loads(result[options['datafield']])
I played around with bin\curl.py until I could get things to work. If I take this text:
# STREAMING Use Case: iterate through results and run curl commands
if len(results) > 0:
for result in results:
# use JSON encoded header string if provided
if 'headerfield' in options:
headers = json.loads(result[options['headerfield']])
else:
headers = None
# if data in options, set data = options['data']
if 'data' in options:
data = str(options['data'])
# if datafield in options, set datafield = options['datafield']
if 'datafield' in options:
try:
data = json.loads(result[options['datafield']])
except:
data = str(result[options['datafield']])
else:
data = None
# debugging option
if 'debug' in options:
if options['debug'].lower() in ("yes", "true", "t", "1"):
# for debugging we add results which show the options \
# that were sent to the curl command
result['curl_method'] = method
result['curl_verifyssl'] = verifyssl
result['curl_uri'] = uri
result['curl_splunkauth'] = splunkauth
if data != None:
result['curl_data_payload'] = data
if headers:
result['curl_header'] = headers
# based on method, execute appropriate function
if method.lower() in ("get","g"):
Result = get(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
if method.lower() in ("head","h"):
Result = head(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
if method.lower() in ("post","p"):
Result = post(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
if method.lower() in ("put"):
Result = put(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
if method.lower() in ("delete","del","d"):
Result = delete(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
... and make a few adjustments:
# STREAMING Use Case: iterate through results and run curl commands
if len(results) > 0:
for result in results:
# use JSON encoded header string if provided
if 'headerfield' in options:
headers = json.loads(result[options['headerfield']])
else:
headers = None
# if data in options, set data = options['data']
if 'data' in options:
data = str(options['data'])
# if datafield in options, set datafield = options['datafield']
if 'datafield' in options:
data = str(options['datafield'])
else:
data = None
# debugging option
if 'debug' in options:
if options['debug'].lower() in ("yes", "true", "t", "1"):
# for debugging we add results which show the options \
# that were sent to the curl command
result['curl_method'] = method
result['curl_verifyssl'] = verifyssl
result['curl_uri'] = uri
result['curl_splunkauth'] = splunkauth
if data != None:
result['curl_data_payload'] = result[data]
if headers:
result['curl_header'] = headers
# based on method, execute appropriate function
if method.lower() in ("get","g"):
Result = get(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
if method.lower() in ("head","h"):
Result = head(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
if method.lower() in ("post","p"):
Result = post(uri,sessionKey,verifyssl,headers,result[data],user,passwd,timeout)
if method.lower() in ("put"):
Result = put(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
if method.lower() in ("delete","del","d"):
Result = delete(uri,sessionKey,verifyssl,headers,data,user,passwd,timeout)
The queries will work once I make those adjustments.
To be honest, I don't know enough about Python to explain why my adjustments fix things. I basically just looked at how 1.2.2 did things and adjusted the 1.2.6 to match.
Is anybody else running into cases where POSTs with a request body are rejected after updating WebTools to 1.2.6?
Splunk version: 7.1.1
'requests' python module version: 2.6.0
python version: 2.7.5 (default, Jun 11 2019, 14:33:56) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
... View more
01-28-2019
08:52 AM
1 Karma
Yes, the new version fixed the problem. Thanks!
... View more
01-17-2019
10:05 AM
1 Karma
Using the latest version (1.2.0) of WebTools, I am running into an issue where I can’t do a cURL against an API using authentication provided in the header itself. WebTools appears to be forcing Basic authentication (unless Splunk authentication is specified, in which case it builds a custom header).
To demonstrate the issue, here is a vanilla cURL:
In this case, the API is complaining that that I forgot the X-Sysdig-Product header.
If I do the same request in Web Tools, I get a 401 Unauthorized instead of a 400 Bad Request:
Based on what I see in this app's curl.py file, basic authentication is always going to be sent to the "request" library get() method (unless Splunk authorization is specified; then the get call in the 'else' block is selected). I would suggest that "def get(..." in curl.py is modified so that the requests.get() call does not send "auth=(user,password)", if both the user and password inputs are set to the default "None".
try:
if sessionKey == None:
if user ==None and password == None:
r = requests.get(uri,data=payload,verify=verifyssl, headers=headers, timeout=timeout)
else:
r = requests.get(uri,auth=(user,password),data=payload,verify=verifyssl, headers=headers, timeout=timeout)
else:
(…)
... View more
08-07-2018
09:12 AM
Put your browser in dev mode (F12) and use the element selector tool to select the thing you are interested in. This will jump the DOM to where that element is on the page.
Then you have to look at the element's DOM and figure out how to target it precisely with CSS. This is pretty tricky after the 7.1.x update because the entire dashboard is now a deep pile of nested div elements with strange attributes (even things like radio buttons and text inputs)
It was easy in 7.0.0 but to this day I struggle with CSS that will resize a drop-down correctly in 7.1.x. Would be nice if Splunk made it easier to give a specific size to UI elements...
... View more
08-06-2018
08:44 AM
Are you on Splunk > 7.0 and did you use _bump after modifying the CSS?
... View more
08-06-2018
08:43 AM
1 Karma
Yeah my CSS only works for the presets tab column. Looking at the CSS for the 'Advanced' major tab, I see:
(...) data-test-panel-id="advanced" (...)
So logically I would expect this CSS to remove that entire tab:
div[data-test-panel-id^='advanced'] {
display: none !important;
}
... View more
07-16-2018
10:18 AM
1 Karma
In version Splunk 7.0+, dashboard DOM was significantly changed and the CSS example above no longer works. Here is an updated example that will remove the "Real time" column from the "Presets" tab of time pickers:
div[data-test^='real-time-column'] {
display: none;
}
... View more
06-26-2017
08:48 AM
1 Karma
Our users on IE11 with the Compatibility Mode enforced were able to view Splunk prior to the 6.6 update. I conclude the issue is on the Splunk side. In our large enterprise environment the compatibility mode is set via GPO so I can't tell my users to change it as a workaround.
Scripting before the <meta http-equiv="X-UA-Compatible" content="IE=edge" /> directive causes it to be ignored. Per Microsoft documentation, The X-UA-Compatible header isn't case sensitive; however, it must appear in the header of the webpage (the HEAD section) before all other elements except for the title element and other meta elements. https://msdn.microsoft.com/en-us/library/jj676915(v=vs.85).aspx
Here is the top of the HTML generated when I visit a Splunk dashboard in IE11, demonstrating <meta http-equiv="X-UA-Compatible" content="IE=edge" /> being placed after scripting:
<!doctype html>
<!--[if lt IE 7]> <html lang="en" class="no-js ie lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html lang="en" class="no-js ie7 lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html lang="en" class="no-js ie8 lt-ie9"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="no-js ie9"> <![endif]-->
<!--[if gt IE 9]><!--> <html lang="en" class="no-js"> <!--<![endif]-->
<head>
<meta name="referrer" content="never" />
<meta name="referrer" content="no-referrer" />
<script>
window._splunk_metrics_events = {
push : function() {},
active: false,
}
</script>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta charset="utf-8" />
<title>Loading...</title>
(rest of the source omitted)
Here are some simpler examples that demonstrate this issue.
If I visit this webpage in IE11 with the compatibility mode on, it renders in 'edge' (latest) document mode:
<!doctype html>
<html>
<head>
<meta name="referrer" content="never" />
<meta name="referrer" content="no-referrer" />
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>Test - meta tags are proper</title>
<script>
console.log("logging something to the console");
</script>
</head>
<body>
Test - meta tags are proper
</body>
</html>
If I visit this webpage in IE11 with the compatibility mode on, it renders in IE7 document mode:
<!doctype html>
<html>
<head>
<meta name="referrer" content="never" />
<meta name="referrer" content="no-referrer" />
<script>
console.log("logging something to the console");
</script>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>Test - meta tags are after some scripting</title>
</head>
<body>
Test - meta tags are after some scripting
</body>
</html>
The only difference is the position of the script block.
... View more
10-07-2016
08:32 AM
1 Karma
Good questions-
I created a brand-new dashboard (under Splunk 6.5.0) and added it to an iframe. It refused to display when browsed to using IE11 and Chrome 53 on multiple computers.
The web page source is simple:
The dashboard loads perfectly fine outside of an iframe.
... View more
10-06-2016
02:51 PM
1 Karma
That's a great post, but the opposite of my issue.
I am not putting iframes in the Splunk dashboard - an iframe is hosting the splunk dashboard, and the dashboard refuses to render in the iframe because of the x-frame-options.
I edited my post to hopefully make that clearer.
... View more
10-06-2016
01:42 PM
Hello all,
After upgrading Splunk from 6.0.x to 6.5.0, we are unable to load Splunk dashboards that are presented to the users in an iframe.
"Refused to display '(the url)' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."
1) I added the following to C:\Program Files\Splunk\etc\system\local\server.conf:
[httpServer]
x_frame_options_sameorigin = false
2) I also added the following to C:\Program Files\Splunk\etc\system\local\web.conf:
[settings]
x_frame_options_sameorigin = false
After making the two changes above and restarting the splunkd Service, I get the same error above.
According to my research, the settings in system\local should take highest precedence so I'm at a loss as to why neither change has effect.
... View more
