Activity Feed
- Posted Restrict user with write permission to dashboard on Security. 02-26-2025 06:09 AM
- Posted Re: How to find find my reports and alert coming from which directory on Splunk Search. 05-28-2021 01:28 AM
- Posted Re: How to find find my reports and alert coming from which directory on Splunk Search. 05-27-2021 08:59 AM
- Posted Re: How to find find my reports and alert coming from which directory on Splunk Search. 05-27-2021 08:38 AM
- Posted Re: How to find find my reports and alert coming from which directory on Splunk Search. 05-27-2021 08:21 AM
- Posted How to find find my reports and alert coming from which directory on Splunk Search. 05-27-2021 08:03 AM
- Posted Re: Removing write access of admin for few of the reports and alerts on Splunk Enterprise. 05-26-2021 09:59 AM
- Posted Removing write access of admin for few of the reports and alerts on Splunk Enterprise. 05-26-2021 08:10 AM
- Posted Re: Splunk 6.5.0: Why is an embedded iframe in my dashboard not displaying? on Dashboards & Visualizations. 05-10-2021 01:24 AM
- Posted Re: iframes and views broken after Splunk 6 upgrade on Dashboards & Visualizations. 05-08-2021 09:19 PM
- Posted Re: Splunk 6.5.0: Why is an embedded iframe in my dashboard not displaying? on Dashboards & Visualizations. 05-08-2021 08:48 PM
- Posted Re: Splunk 6.5.0: Why is an embedded iframe in my dashboard not displaying? on Dashboards & Visualizations. 05-08-2021 10:21 AM
- Posted Re: Splunk 6.5.0: Why is an embedded iframe in my dashboard not displaying? on Dashboards & Visualizations. 05-08-2021 07:35 AM
- Posted Re: Splunk 6.5.0: Why is an embedded iframe in my dashboard not displaying? on Dashboards & Visualizations. 05-07-2021 10:07 AM
- Posted Iframe not getting loaded in splunk 8.0.6 on Dashboards & Visualizations. 05-07-2021 06:30 AM
- Posted Attaching external document with the triggered Alert on Splunk Enterprise. 02-19-2021 09:49 PM
- Posted Re: splitting and sending the value from drill down to other dashboard on Splunk Search. 01-26-2021 12:32 AM
- Karma Re: splitting and sending the value from drill down to other dashboard for renjith_nair. 01-26-2021 12:24 AM
- Posted splitting and sending the value from drill down to other dashboard on Splunk Search. 01-22-2021 05:58 AM
- Posted Re: How to show only related fields when condition matches on Splunk Search. 01-17-2021 08:15 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-26-2025
06:09 AM
Hi, I have a case where I was to restrict user from edit option and cloning the dashbaord. Currently we have 200+ dashboards with read-write permission and we can't exclude them from current role. What I did now I created new role say restricted and plan is to keep every thing as it is and make dashboard enable with new role . Issue We have 200+ dashboards, manually doing is not feasible here...is there way I can one shot revoke the write access(current role) and assign dashboard with new role which will restrict users.
... View more
Labels
- Labels:
-
permissions
05-28-2021
01:28 AM
Yes , the plan is to have weekly once release or pushing the KO via svn, and this would make owner of KO as nobody..hence we would restrict any developer to do changes on fly..
... View more
05-27-2021
08:59 AM
Haha....gotcha.... Just one last thing if we do deployment via svn(our KO), do that go to the local directory and not the defualt? Just curious to know
... View more
05-27-2021
08:38 AM
Basically they want to make sure no one has write access to these objects....and we are make release and putting the alerts and reports to defualt location
... View more
05-27-2021
08:21 AM
Thanks for the quick response @gcusello , I understand the physical location , but my ask here is do we see any |rest call or another option from where I can see the path... Like the end user do not want to see the physically where it is stored but want to see in path if the report/ alert is comming from default or local...
... View more
05-27-2021
08:03 AM
Hi Team, Need help in identifying how can we find the path/directory of my alers and reports.. For ex all my alerts and reports are stored in defualt.meta .... Where can I see this path/directory name from UI to prove this
... View more
- Tags:
- directory
05-26-2021
09:59 AM
For reports and alerts, how to hide the clone button....when we to report and alerts we see all the reprt along that action field under that we see clone...I want to hide that /or not show...from which conf file we can achive..? Default.meta I did not find option
... View more
05-26-2021
08:10 AM
Hi Team, As part of audit question - can we remove the admin write role from few of reports and alerts...we don't want any one to do change including admin..how can we achieve this from configuration end? And also want to remove clone option from UI to all reports and alerts from configuration
... View more
Labels
- Labels:
-
administration
-
configuration
05-10-2021
01:24 AM
Yes I tried that as well.. One curious thing....I see few of the example working fine like -https://intellectualpoint.com ...but when tried for https://tableau.com that did not work and I see same errror
... View more
05-08-2021
09:19 PM
Hi, Do we any documentation for this type of issue , as it's with every upgrade I am havng same issue with Splunk 8.0.6, and the above is not helping me to load iframe Tried the same in web.conf
... View more
05-08-2021
08:48 PM
did not make any difference, I know this was work when doing this in splunk 8.1 but my splunk 8.0.6, it's still shown X-frame-options to sameorigin
... View more
05-08-2021
10:21 AM
This is something I tried Web.conf-- dashboard_html_allow_inline_styles = true dashboard_html_allow_embeddable_content= true dashboard_html_allow_embeddable_content=true dashboard_html_wrap_embed=true dashboard_html_allow_iframes=true dashboard_html_allowed_domains = https://youtube.com
... View more
05-08-2021
07:35 AM
Tried this , but no luck.....I see same error x-frame-options set to sameorigin It's splunk 8.0.6
... View more
05-07-2021
10:07 AM
I tried this in Splunk 8.0.6, but that did not work, I change this in system/local/web.conf n server.conf and also app/lical
... View more
05-07-2021
06:30 AM
Hi Team, I am trying to use iframe to load tableau dashboard , until splunk 7.x it was working fine, but after upgrade to splunk 8.0.6, it's not getting loaded. I could see answers in forum and I did below changes but still did not work, any other change I need to do? Web.conf x_frame_options_sameorigin = false replyHeader.Content-Security-Policy= frame-ancestors-self Server.conf x_frame_options_sameorigin = false
... View more
Labels
- Labels:
-
panel
02-19-2021
09:49 PM
Hi , I am trying to attach external document(1.5MB size) with the alerts getting triggered, so that user can refer to the document and take action. But not able to find any option to do so, please guide, if any one has tried such use case.
... View more
Labels
- Labels:
-
development
01-26-2021
12:32 AM
Thanks for this approach....although I had to do drilldown to another dashboard...but the split logic used in drilldown was the need for me...thanks a lot
... View more
01-22-2021
05:58 AM
HI , I am trying to send values from one panel to another dashboard using drill down , is it possible to split the value and then send.... I have field name "host: Running" , "service: Running" , "URL: Running" in main dashboard, these are generated fields, when i click on any field it should trigger drill down In my drilldown dashboard I have a dropdown and want only the "host" from main dashboard, Drill Down Dropdown service: Running Expected Dropdown service Basically want to split the value in main dashboard My drilldown form.token=$click.name2$
... View more
01-17-2021
08:15 PM
@gcusello , The solution works , but i am getting all the fields values concatenated under one field. Is it possible we have have each field as separate for example, extending the below use case Your_search
| eval display_fields=case(myField="xyz", id." - ".salary." - ".department, myField="abc", location." - ".address." - ".phone, myField="ddd",age." - ".ht." - ".gender)
| table _time myField display_fields I want in below format _time myField Id salary department time vaue xyz 1 1000000 cse time value xyz 2 2000000 IT
... View more
- Tags:
- eval
08-06-2020
05:12 PM
@richgalloway
... View more
08-06-2020
06:27 AM
I Tried some thing below but that did not help .. and use the "singleValuePanel" in search <row> <panel depends="$alwaysHideCSSPanel$"> <html> <style> #singleValuePanel th[data-sort-key="Run Id"]{ width: 40% !important; } </style> </html> </panel> </row>
... View more
08-04-2020
03:37 AM
@niketn ... how can we disable hover for a particular field in bar chart ? like for table fields used below html <row depends="$alwaysHideCSSPanel$"> <panel> <html> <style> #disablecursorapp table tbody tr td:nth-child(2){ cursor: default !important; } </style> </html> </panel> </row>
... View more
08-04-2020
02:27 AM
The below sol would not filter by event and 2 nd app/join both are taking lot of time to run, do we see any alternative of this,
... View more
08-04-2020
01:57 AM
Hi, I have scenario where index and sourcetype are same and i am tryng below conditions. chart dc(run) OVER app by event---- this will give me dc of run for each app for each event stats dc(run) as run by app-- this will give me dc of run by app........ i used join to get this done ike below, but this is taking lot time to run query, base search... |chart dc(run) OVER app by event | join app [search source =mysource | stats dc(run) as run by app ] |eval new_val = run - event1- event2 | fields app event1 event2 new_val new run
... View more
Labels
- Labels:
-
join
07-31-2020
01:08 AM
could get ths done by adding fillnull value = 0 field1 field 2. at the end of query
... View more
