Also you can add your css classes dashboard.css to you app to apply for all dashboards /splunk/apps/yourApp/appserver/static/dashboard.css ... View more

Try creating a custom command and implement your own logic in python to achieve your requirement http://docs.splunk.com/Documentation/Splunk/6.0.8/AdvancedDev/SearchScripts ... View more

Create a role And Attach your filter to that role... Check.. [role_<< roleName >>] --> srchFilter in https://docs.splunk.com/Documentation/Splunk/latest/Admin/authorizeconf or Give your filter in the field Restrict search terms in UI while creating role And Assign that role to your User ... View more

Yes You Can... http://wiki.splunk.com/Community:40GUIDevelopment Implement your logic to get the list of directories and create an html to display your content ... View more

For the Question Number One : Answer: Your Understanding is correct For the Question Number Two : Answer: I couldn't understand your question For the Question Number Three: Answer is : Normally the insecure login request URL will be like http://sh-ip:8000/account/insecurelogin?username= &password= &return_to= Yes Splunk will create a new session for every request sent to the URL "/account/insecurelogin?" But, you can avoid that by identifying the difference between the first (successfull) request and further request.. If you manage to identify that , you can send "/account/insecurelogin?" until you create a session and after creating a session just sending the direct dashboard link will return you the corresponding page.. (Internally for the second request you browser will attach the success full session cookies and let the splunk remember that session.. ) How to identify a successfull login......... 1. On successful loading of any dashboard inside iframe.. you can update a variable of parent window javascript variable(e.g : window.top.isSplunkLoded = true;)... 2. Next time before populating iFrame URL you can check isSplunkLoded and populate just dashboard link without "/account/insecurelogin?" link 3. You can write your code to populate isSplunkLoded either in application.js or in template HTMLs if you are uisng anything.. Just Make sure that script runs when you splunk [age loaded successfully... The challenge is, You cannot access parent window properties from the script inside iframe.. Since your UI and Splunk are different domain... You have to make both as a same domain.... 1. You can have a comman proxy server that redirects to UI and SPlunk SH based on URL pattern. and expoes that server to the user.. 2. Set a common base URL for your UI and redirect user to UI when you get that URL pattern 3. Splunk's URL will follow some common patterns like /splunkApp , /en-, /insecurelogin..... Redirect these items to splunk 4. Just give relative path in iframe "/account/insecurelogin?username= &password= &return_to= " Check for httpd.conf configuration to create proxy server and redirection ... View more

Splunk REST will return xml in ODATA format... For example, https://localhost:8089/servicesNS/-/search/saved/searches This search will return list of saved searches.. One **** tag for each saved searches Each entry tag contains child tags **** (More than one) , these tag contains URLs related to that particular saved search and the relation is defined by the attribute "rel".. Pick the one with "rel" as "remove" and send a ajax request with http_method DELETE or use any REST Clients (Post Man REST client plugin for chrome).. you can remove it ... View more

You are welcome 🙂 ... View more

If you are good in html and javascript, Create your own HTML with a drop down and an iFrame Add a onchange event listener javascript method to that dropdown Based on the value of the dropdown change the src attribute of that iframe(with your dashboards URL) Now attache you a html page to any dashboard using the IFramInclude module (http://localhost:8000/en-US/modules#Splunk.Module.IFrameInclude) Hope this helps you ... View more

Try this.. http://wiki.splunk.com/Community:40GUIDevelopment ... View more

If you want four tabs... Create four individual views (xml) Create a custom module with four tabs using html ul & li elements. attach an on click event to those tabs and load individual views inside an iframe when you got a click on the tabs ... View more

Entry will be created inside users folder splunk/etc/users/userName/AppName/local/savedsearches.conf ... View more

For that also an entry will be created in savedsearch.conf file.. Please try changing that ... View more

Adding the below property to the corresponding entry in savedsearches.cond will add the view link action.email.include.view_link = 1 ... View more

Create a saved search and schedule it ... http://docs.splunk.com/Documentation/Splunk/6.2.5/SearchReference/Savedsearch https://answers.splunk.com/answers/238526/how-to-create-a-saved-search.html and and in the saved search query Use "collect" to store the results to another index/report http://docs.splunk.com/Documentation/Splunk/6.2.5/SearchReference/Collect ... View more

If You Just want to load two JS files to a simple-XML... Give two script file name separated by comma... script="yourUtil.js,yourPrimary.js" yourUtil.js will be loader first and yuorPrimary.js will be loaded... i.e.. in the same order as you define 🙂 ... View more

Send "count" as "0" along with your rest end point.... count parameter defines the number of entries... count = 0 means everything 😛 i.e. https://localhost:8089/servicesNS/-/MyApplication/data/ui/views?count=0 ... View more

refer http://answers.splunk.com/answers/283816/how-to-load-javascript-css-in-splunk-to-build-a-da.html ... View more

Create a Custom Module... http://docs.splunk.com/Documentation/Splunk/6.2.3/Module/Createacustommodule You can use the jQueryUI available inisde splunk.. it is exposed in /static/css/jqueryui/jquery.ui.resizable.css /static/js/contrib/jquery-ui-1.10.4.min.js Version mar vary based on the version of splunk that you use.. Please have a look into Splunk\share\splunk\search_mrsparkle\exposed\js (in your splunk instance folder 🙂 ) ... View more

Add these properties to your map tag <map> <option name="mapping.tileLayer.url">http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png</option> <option name="mapping.tileLayer.subdomains">[a,b,c]</option> <option name="mapping.tileLayer.maxZoom">18</option> <option name="mapping.tileLayer.attribution"> Map data (c) 2012 OpenStreetMap contributors, CC-BY-SA. </option> </map> You can get different layers URl from this site http://wiki.openstreetmap.org/wiki/OpenLayers ... View more

Change the color means.. Do you want to change the tiles.. If you want to change the tile please refer... <option name="mapping.tileLayer.url">http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png</option> <option name="mapping.tileLayer.subdomains">[a,b,c]</option> <option name="mapping.tileLayer.maxZoom">18</option> In http://docs.splunk.com/Documentation/Splunk/latest/Viz/PanelreferenceforSimplifiedXML#map if you want to change the plot colors.. please refer mapping.seriesColors in the same URL ... View more

How to extend view --- : If you are using advanced xml to create your views. Then you can customize your views using application.js, application.css sample application.js switch (Splunk.util.getCurrentView()) { case "view_name": if (Splunk.Module.ModuleName) { Splunk.Module.ModuleName = $.klass(Splunk.Module.ModuleName, { methodOfThatModule :function(){ // Your custom implementation } } }); How to replace modules : 1. You can have a customized copy of those modules inside your app and flush and replace the original file inside splunk on deploying your app or restart your app by executing a shell scrip with the help of inputs.conf 2. Create and use custom modules by extending the original one How to extend a module with a custom logic : Same available in appliation.js ... View more