@hhunsinger_spluWe have several apps in Splunkbase where the icon's background color is white (example). How can we have it changed to transparent? The icon's PNG file has transparent corners and we do not specify a color in default.xml. ... View more

If memory serves, the tokens are limited to the following: sid rid time earliest latest action_name That said if you "redirect" to the search bar, or a custom dashboard with something like the below, "/SplunkEnterpriseSecuritySuite/search?q=search notable | search orig_sid=$sid$&earliest=-24h&latest=now" That should pull up the notables associated with that sid (which is what incident review is basically doing already, it's just an example), you could of course change that search to go looking for IP addresses or other information - but the short answer is that those fields can't get passed into a new view from incident review - you need to figure out how to surface them manually. ... View more

| rest /servicesNS/-/-/data/ui/views | search "eai:acl.app"=NameOfApp eai:acl.perms.read!=admin eai:acl.sharing=app ... View more

Is there any other way to do this? Because in my case I have created one add-on which is not visible, so I don't need the navigation menu XML and now to give background color to app icon only I will have to add this XML without any use. ... View more