Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About tfellinger
tfellinger
New Member
Member since:
08-07-2014
05-18-2023
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-07-2014 |
Activity Feed
- Posted Re: Why the error "Socket error from [Search Head IP] while accessing /services/streams/search: broken pipe"? on Splunk Enterprise. 01-01-2023 12:08 AM
- Posted Re: Splunk ES Duplicate of Notable Events displaying in Incident Review Dashboard on Splunk Enterprise Security. 09-24-2019 04:34 AM
- Posted Re: Splunk ES Duplicate of Notable Events displaying in Incident Review Dashboard on Splunk Enterprise Security. 09-24-2019 03:39 AM
- Posted Re: Splunk ES Duplicate of Notable Events displaying in Incident Review Dashboard on Splunk Enterprise Security. 04-18-2019 06:11 AM
- Posted Re: How to integrate splunk into keycloak as an IDP Provider? on Security. 10-31-2018 10:26 AM
- Posted Re: How to create a saved search and alert from a SimpleXML JavaScript dashboard? on Dashboards & Visualizations. 12-29-2017 12:06 AM
- Posted Re: ldapsearch in javascript: search:done event fires before results are really received on Dashboards & Visualizations. 04-01-2017 05:10 AM
- Posted Re: ldapsearch in javascript: search:done event fires before results are really received on Dashboards & Visualizations. 03-01-2017 10:46 PM
- Posted ldapsearch in javascript: search:done event fires before results are really received on Dashboards & Visualizations. 03-01-2017 06:07 AM
- Tagged ldapsearch in javascript: search:done event fires before results are really received on Dashboards & Visualizations. 03-01-2017 06:07 AM
- Tagged ldapsearch in javascript: search:done event fires before results are really received on Dashboards & Visualizations. 03-01-2017 06:07 AM
- Tagged ldapsearch in javascript: search:done event fires before results are really received on Dashboards & Visualizations. 03-01-2017 06:07 AM
- Tagged ldapsearch in javascript: search:done event fires before results are really received on Dashboards & Visualizations. 03-01-2017 06:07 AM
- Posted Re: Collecting logon/logoff logs from Active Directory on Getting Data In. 01-13-2017 06:28 AM
- Posted Re: Cannot access REST API via Javascript Client on Getting Data In. 11-02-2016 12:01 AM
- Posted Re: How to create a saved search and alert from a SimpleXML JavaScript dashboard? on Dashboards & Visualizations. 10-28-2016 05:37 AM
- Posted How to create a saved search and alert from a SimpleXML JavaScript dashboard? on Dashboards & Visualizations. 09-28-2016 01:14 AM
- Tagged How to create a saved search and alert from a SimpleXML JavaScript dashboard? on Dashboards & Visualizations. 09-28-2016 01:14 AM
- Tagged How to create a saved search and alert from a SimpleXML JavaScript dashboard? on Dashboards & Visualizations. 09-28-2016 01:14 AM
- Tagged How to create a saved search and alert from a SimpleXML JavaScript dashboard? on Dashboards & Visualizations. 09-28-2016 01:14 AM
Topics I've Started
01-01-2023
12:08 AM
Did any of you ever fixed this issue? If so, how? Thanks!
... View more
09-24-2019
04:34 AM
Thanks shrutheen! I will try ES 5.2.2 and see if that helps!
Cheers, Thomas
... View more
09-24-2019
03:39 AM
We did not had this problem for a while, but now it came back. I will open a case and see what the splunks say about it.
... View more
04-18-2019
06:11 AM
Same here with 7.2.1 and ES 5.2.0. Anyone fould a solution yet?
... View more
10-31-2018
10:26 AM
Hi Ram,
did you get KeyCloak up and running? Any hints or things you wanna share maybe?
Thanks,
Thomas
... View more
12-29-2017
12:06 AM
Yes, I ditched the jQuery xhr method and used plain JavaScript xmlHttpRequest instead. This way the header is not added and you can interact with the API.
Since there has to be some creds for the API which must be accessible from the JavaScript I think this is not a good and secure solution. Afterwards I thought it would be maybe better to create a custom command for this, because custom commands are receiving an API token on execution. This would solve the "authentication problem" probably more elegantly.
Otherwise I think there are some ways to store creds more securely than just putting them into the JavaScript...just FYI if you want to build something similar. In my case I granted the used API user only as much permissions as needed and additionally I created a dashboard based on audit data to monitor if this is not abused by some attacker with access to splunk.
... View more
04-01-2017
05:10 AM
Thx guys! Works great! 🙂
... View more
03-01-2017
10:46 PM
Hello,
great! Thanks for the workaround...I will try this today.
As you do it differently I guess you don't know exactly why my code is not working?
Do you use your approach also with ldapsearch? I am a bit sceptical if ldapsearch is really compatible with procedures like this...
Thanks!
... View more
03-01-2017
06:07 AM
Hello fellow splunkers,
I have a dashboard with some custom javascript looking like this:
// Define search command to find email addresses of managers
var search_managersMail = new SearchManager({
id: "search_managersMail",
search: mvc.tokenSafe('| ldapsearch domain=default search="(&(objectClass=group)(distinguishedName=$manager_selected$))" | ldapgroup | mvexpand member_dn | ldapfilter domain=default search="(&(distinguishedName=$$member_dn$$)(samAccountType=805306368))" attrs="mail" | fields mail'),
autostart: false,
cache: false,
exec_mode: "blocking"
});
// Action when save button is clicked
$("#btn-submit").on("click", function (){
search_managersMail.startSearch();
// Handle results if search is done
search_managersMail.on("search:done", function(properties) {
var search_managersMailResults = search_managersMail.data("results");
for (i = 0; i < search_managersMailResults.data().rows.length; i++){
managersMail += "," + search_managersMailResults.data().rows[i][0];
The problem looks like a race condition to me.
When the button btn-submit is pressed and the code hits the line "for (i = 0; i < search_managersMailResults.data().rows.length; i++){" I get in the debugger: search_managersMailResults.data() is undefined.
Just a second after this I see that the results are coming in via a GET Request...so the question is: Why does search:done even fire, when the results are not really here already. Is it because of ldapsearch? Is this approach not doable with ldapsearch?
In my lab this works fine, so the code should be good enough...but in the production enviroment I always get this error that the search_managersMailResults.data() is undefined and afterwards I see the correct results flying in...why is this happening in this order? Is there any way to make the code really wait for the results of the search before parsing the results?
Thanks,
Thomas
... View more
01-13-2017
06:28 AM
When you say "DNS, Users and Groups" are not found, what do you mean exactly by that?
Did you activate a GPO to audit Logon/Logoff events?
... View more
11-02-2016
12:01 AM
I know this is an old thread, but if someone is looking for a workaround, maybe they stumble upon this thread.
I tried to make AJAX calls to the REST API from within dashboard javascript with the same result. Seems like jQuery is always adding the "x-splunk-form-key" header (I thinks thats the CSRF token for the webgui). Since this header is not allowed, it results in a CORS violation. Everything I tried with jQuery's $.ajax() failed (setting the header to "", " " or null). If you try to remove the header completely with ajaxSetup the gui will break 😕
So the workaround I used was to use javascript's XmlHttpRequest object (var xhr = new XMLHttpRequest();). With this the header is not added and so the ajax request works like a charm.
... View more
10-28-2016
05:37 AM
Since there is no documented way of adding saved searches / alerts via the web framework, I thought I try to connect to the REST API with jquery from inside the dashboard like:
var getSessionKey = $.ajax({
type: "POST",
url: "http://172.x.x.x:8089/services/auth/login",
data: "username=xxx&password=xxx",
crossDomain: true
}),
I edited the server.conf to allow CORS (crossOriginSharingPolicy = *), but this is also not working. It seems like Splunk is adding the header "x-splunk-form-key" automatically to every request. Since the only allowed header for CORS regarding the REST API is "authorization" this request fails, because of a CORS violation.
I tried to remove the header for my request with things like...
beforeSend: function(xhr){
xhr.setRequestHeader('x-splunk-form-key', ' ');
},
or
beforeSend: function(xhr){
xhr.setRequestHeader('x-splunk-form-key', null);
},
, but unfortunately this changes nothing in the request. I also did not find any way to allow additional headers for REST API requests.
Any ideas from anyone?
Thanks!
... View more
09-28-2016
01:14 AM
I am trying to find a way to create an alert out of a SimpleXML Dashboard with Javascript added.
I can find a lot of examples demonstrating this with the SDK, but I think this is just usable if you connect from the outside to Splunk, isn't it?
As I can see one has to instantiate the splunkjs-service to get methods for creating / saving searches, but how can I do this from a javascript embedded in a dashboard?
http://docs.splunk.com/DocumentationStatic/WebFramework/1.1/
This looks like in SearchManager and SavedSearchManager there a not methods for saving the searches...how can I achieve this? Can someone point me in the right direction?
Thanks!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-18-2023
07:25 AM
|
