Splunk® Enterprise Security

Installation and Upgrade Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

WorkflowMaker file

Use this template to create your workflowMaker.html file and create a new URL to point to the suppression editor. See "Create a new workflow" in "Suppress notable events from new correlations searches" in this manual for more details.

<html>
	<head>
		<style>
			.label{
				width: 150px;
				float: left:
			}
			
			input{
				width: 800px;
				margin-bottom: 32px;
			}
		</style>
	</head>

	<body>
		<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script>
		
		<script type="text/javascript">

		    basic_search = "/app/SplunkEnterpriseSecuritySuite/ess_notable_suppression_new?start_time=$_time$&wz";
		
			function process(event, previousText){
				s = "/app/";
				
				s = s + escape( $('#app').val() ).replace(/%24/gi, "$");
				s = s + "/" + escape( $('#suppress_edit_view').val() ).replace(/%24/gi, "$") + "?start_time=$_time$&wz";
				
				s = s + "&search=" + escape( $('#search').val() ).replace(/%24/gi, "$");
				s = s + "&description=" + escape( $('#description').val() ).replace(/%24/gi, "$");
				s = s + "&name=" + escape( $('#name').val() ).replace(/%24/gi, "$");
				
				$('#result').html(s);
				
				summary = "# Suppression meta-data:";
				
				summary = summary + "\n#    search     : " + $('#search').val();
				summary = summary + "\n#    description: " + $('#description').val();
				summary = summary + "\n#    name       : " + $('#name').val();
				
				summary = summary + "\n#    app        : " + $('#app').val();
				summary = summary + "\n#    view       : " + $('#suppress_edit_view').val();
				
				$('#summary').html(summary);
			}
		
			$(document).ready(function() {
			  	$('#search').bind('textchange', process);
			  	$('#description').bind('textchange', process);
			  	$('#name').bind('textchange', process);
			  	$('#app').bind('textchange', process);
			  	$('#suppress_edit_view').bind('textchange', process);
			});
		</script>
		
			<div class="label">Search: </div>
			<div><input id="search" value='index=notable source="$source$"' /></div>
			
			
			<div>Description:</div>
			<input id="description" value='Suppresses "$source$" alerts' />
			
			<div>Name:</div>
			<input id="name" value='$source$' />
			
			<!--  <div>App:</div> -->
			<input type="hidden" id="app" value='SplunkEnterpriseSecuritySuite' />
			<!--  <input type="hidden" id="app" value='SplunkPCIComplianceSuite' /> -->
			
			<!-- <div>Suppression Editor:</div>  -->
			<input type="hidden" id="suppress_edit_view" value='ess_notable_suppression_new' />
			<!-- <input type="hidden" id="suppress_edit_view" value='pci_notable_suppression_new' /> -->
		
		<div><b>Resulting URL:</b></div>
		<div id="result"></div>
		<p/>
		<pre id="summary">

<script> // jQuery Text Change Event // http://www.zurb.com/playground/jquery-text-change-custom-event // // Simple cross browser detection of text changes // for input and textarea elements using a jQuery custom event plugin by ZURB // // date: 2010-06-19 15:52 // fork from gist: http://gist.github.com/424774 // revision: aef6d4612eecda17f47ad7ec58f199c12061fedd

(function ($) {

$.event.special.textchange = {

setup: function (data, namespaces) { $(this).bind('keyup.textchange', $.event.special.textchange.handler); $(this).bind('cut.textchange paste.textchange input.textchange', $.event.special.textchange.delayedHandler); },

teardown: function (namespaces) { $(this).unbind('.textchange'); },

handler: function (event) { $.event.special.textchange.triggerIfChanged($(this)); },

delayedHandler: function (event) { var element = $(this); setTimeout(function () { $.event.special.textchange.triggerIfChanged(element); }, 25); },

triggerIfChanged: function (element) { var current = element.attr('contenteditable') ? element.html() : element.val(); if (current !== element.data('lastValue')) { element.trigger('textchange', element.data('lastValue')); element.data('lastValue', current); } } };

$.event.special.hastext = {

setup: function (data, namespaces) { $(this).bind('textchange', $.event.special.hastext.handler); },

teardown: function (namespaces) { $(this).unbind('textchange', $.event.special.hastext.handler); },

handler: function (event, lastValue) { if ((lastValue === || lastValue === undefined) && lastValue !== $(this).val()) { $(this).trigger('hastext'); } } };

$.event.special.notext = {

setup: function (data, namespaces) { $(this).bind('textchange', $.event.special.notext.handler); },

teardown: function (namespaces) { $(this).unbind('textchange', $.event.special.notext.handler); },

handler: function (event, lastValue) { if ($(this).val() === && $(this).val() !== lastValue) { $(this).trigger('notext'); } } };

})(jQuery); </script>

</body>

</html>

Last modified on 28 January, 2013
PREVIOUS
Log files
  NEXT
FAQ

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters