This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6
Take any chart or graph created by Splunk and embed it in another web application. Currently, Splunk does not have single sign-on implemented, so you will have to use an insecure login to authenticate against Splunk.
NOTE: Anybody with access to the page can get the user credential by viewing the page source.
First, enable insecure login via web.conf by adding the following stanza:
[settings] enable_insecure_login = true ...
Then, you must restart Splunk.
If you're unfamiliar with how Splunk configuration files work, read the Admin manual topic about configuration files.
Next create a view XML that contains the element you want to embed in your third party app (eg a graph or chart). This view cannot use the simplified XML but must be written in advanced XML.
Here's an example view from $SPLUNK_HOME/etc/apps/my_test_app/local/data/ui/views/my_view.xml:
<view template="dashboard.html">
<module name="HiddenSearch" autoRun="True" layoutPanel="panel_row1_col1">
<param name="search">sourcetype=access_common | timechart span=5m count</param>
<param name="earliest">-24h</param>
<module name="HiddenChartFormatter">
<param name="chart">line</param>
<param name="primaryAxisTitle.text">Time</param>
<param name="legend.placement">bottom</param>
<param name="chartTitle">Stuff past 24 hours</param>
<module name="JobProgressIndicator"/>
<module name="FlashChart"/>
</module>
</module>
</view>
Refresh your view when you make changes to it by loading this URI:
https://myhost.com:8089/servicesNS/myuser/search/data/ui/views?refresh=1
It is not necessary to refresh as the same user, just any valid user.
Finally, iframe that view into your third party app, via the /insecurelogin endpoint:
http://splunkserver:8000/account/insecurelogin?username=admin&password=changeme&return_to=/app/foo/myview
Remember that the value of the “return_to” parameter must be URI-escaped (http://meyerweb.com/eric/tools/dencoder/ ). The resulting HTML page will render that view within the iframe element.
Here's an example of adding an iframe into html:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Splunk Stuff</title> </head> <body> <!-- content starts here --> <h1>Hey Look At My Pretty Pictures!</h1> <iframe src ="http://myhost:8000/account/insecurelogin?username=test_user&password=changeme&return_to=%2Fapp%2Fmy_test_app%2Fmy_view" width="100%" height="300"> <p>Your browser does not support iframes.</p> </iframe> <!-- content ends here --> </body> </html>