Splunk® Enterprise Security

Install and Upgrade Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

WorkflowMaker file

Use this template to create your workflowMaker.html file and create a new URL to point to the suppression editor. See "Create a new workflow" in "Suppress notable events from new correlations searches" in this manual for more details.

<html>
	<head>
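		<style>
			/* Fixed-width label column that sits to the left of its input. */
			.label{
				width: 150px;
				float: left;
			}
			
			/* Wide text boxes with vertical spacing between the fields. */
			input{
				width: 800px;
				margin-bottom: 32px;
			}
		</style>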
	</head>

	<body>
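		<!-- jQuery is fetched over HTTPS so the library cannot be altered in transit and is not blocked as mixed content when this page is served over HTTPS. -->
		<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script>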
		
		<script type="text/javascript">

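		    // Reference copy of the default suppression-editor URL. The code shown in this
		    // template never reads it; declared with var so it is not an implicit global.
		    var basic_search = "/app/SplunkEnterpriseSecuritySuite/ess_notable_suppression_new?start_time=$_time$&wz";
		
			/**
			 * Rebuild the workflow URL and the metadata summary from the current form
			 * values and display both on the page.
			 *
			 * @param event        the jQuery event object (unused)
			 * @param previousText the previous field value supplied by the textchange event (unused)
			 */
			function process(event, previousText){
				// Percent-encode one field, then turn %24 back into "$" so that
				// $token$ placeholders such as $source$ stay literal in the URL.
				// encodeURIComponent is used instead of escape(): it also encodes "/"
				// and "+", so a value cannot add path segments or be decoded as a
				// space, and non-ASCII text becomes UTF-8 percent-encoding.
				function encodeField(selector){
					return encodeURIComponent( $(selector).val() ).replace(/%24/gi, "$");
				}
				
				var s = "/app/" + encodeField('#app')
					+ "/" + encodeField('#suppress_edit_view') + "?start_time=$_time$&wz"
					+ "&search=" + encodeField('#search')
					+ "&description=" + encodeField('#description')
					+ "&name=" + encodeField('#name');
				
				// .text() rather than .html(): the result is shown as literal text and
				// is never parsed as markup.
				$('#result').text(s);
				
				var summary = "# Suppression meta-data:"
					+ "\n#    search     : " + $('#search').val()
					+ "\n#    description: " + $('#description').val()
					+ "\n#    name       : " + $('#name').val()
					+ "\n#    app        : " + $('#app').val()
					+ "\n#    view       : " + $('#suppress_edit_view').val();
				
				// The summary holds the raw, unencoded field values, so it must be
				// written as text; with .html() any "<" typed into a field would be
				// interpreted as a tag.
				$('#summary').text(summary);
			}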
		
			// Once the DOM is ready, recompute the URL and the summary whenever any
			// of the form fields reports a text change.
			$(document).ready(function() {
				var fieldSelectors = '#search, #description, #name, #app, #suppress_edit_view';
				$(fieldSelectors).bind('textchange', process);
			});
		</script>
		
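			<!-- Editable fields. $source$ is a placeholder token that process() keeps unencoded in the generated URL. -->
			<div class="label"><label for="search">Search: </label></div>
			<div><input id="search" value='index=notable source="$source$"' /></div>
			
			
			<div><label for="description">Description:</label></div>
			<input id="description" value='Suppresses "$source$" alerts' />
			
			<div><label for="name">Name:</label></div>
			<input id="name" value='$source$' />
			
			<!-- Target app, read by process(). The commented-out input below is the alternative value for the PCI app. -->
			<!--  <div>App:</div> -->
			<input type="hidden" id="app" value='SplunkEnterpriseSecuritySuite' />
			<!--  <input type="hidden" id="app" value='SplunkPCIComplianceSuite' /> -->
			
			<!-- Target suppression-editor view, read by process(). The commented-out input below is the PCI alternative. -->
			<!-- <div>Suppression Editor:</div>  -->
			<input type="hidden" id="suppress_edit_view" value='ess_notable_suppression_new' />
			<!-- <input type="hidden" id="suppress_edit_view" value='pci_notable_suppression_new' /> -->
		
		<!-- Output areas filled in by process(). -->
		<div><b>Resulting URL:</b></div>
		<div id="result"></div>
		<p></p>
		<pre id="summary"></pre>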

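<script>
// jQuery Text Change Event
// http://www.zurb.com/playground/jquery-text-change-custom-event
//
// Simple cross browser detection of text changes
// for input and textarea elements using a jQuery custom event plugin by ZURB
//
// date: 2010-06-19 15:52
// fork from gist: http://gist.github.com/424774
// revision: aef6d4612eecda17f47ad7ec58f199c12061fedd

(function ($) {

	// 'textchange': triggered on an element when its current value differs from
	// the value recorded the last time it was checked.
	$.event.special.textchange = {

		// Check on keyup immediately; check after cut, paste and input with a short delay.
		setup: function (data, namespaces) {
			$(this).bind('keyup.textchange', $.event.special.textchange.handler);
			$(this).bind('cut.textchange paste.textchange input.textchange', $.event.special.textchange.delayedHandler);
		},

		// Remove every listener registered under the .textchange namespace.
		teardown: function (namespaces) {
			$(this).unbind('.textchange');
		},

		handler: function (event) {
			$.event.special.textchange.triggerIfChanged($(this));
		},

		// Defer the comparison by 25 ms before reading the element's value.
		delayedHandler: function (event) {
			var element = $(this);
			setTimeout(function () {
				$.event.special.textchange.triggerIfChanged(element);
			}, 25);
		},

		// Compare the current content with the stored 'lastValue'; on a difference,
		// trigger 'textchange' with the previous value and store the new one.
		triggerIfChanged: function (element) {
			var current = element.attr('contenteditable') ? element.html() : element.val();
			if (current !== element.data('lastValue')) {
				element.trigger('textchange', element.data('lastValue'));
				element.data('lastValue', current);
			}
		}
	};

	// 'hastext': triggered when the previous value was empty or undefined and
	// the element's value now differs from it.
	$.event.special.hastext = {

		setup: function (data, namespaces) {
			$(this).bind('textchange', $.event.special.hastext.handler);
		},

		teardown: function (namespaces) {
			$(this).unbind('textchange', $.event.special.hastext.handler);
		},

		handler: function (event, lastValue) {
			// The comparison operand is the empty-string literal.
			if ((lastValue === '' || lastValue === undefined) && lastValue !== $(this).val()) {
				$(this).trigger('hastext');
			}
		}
	};

	// 'notext': triggered when the element's value is now empty and the
	// previous value was not.
	$.event.special.notext = {

		setup: function (data, namespaces) {
			$(this).bind('textchange', $.event.special.notext.handler);
		},

		teardown: function (namespaces) {
			$(this).unbind('textchange', $.event.special.notext.handler);
		},

		handler: function (event, lastValue) {
			// The comparison operand is the empty-string literal.
			if ($(this).val() === '' && $(this).val() !== lastValue) {
				$(this).trigger('notext');
			}
		}
	};

})(jQuery);
</script>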

</body>

</html>

Last modified on 28 January, 2013

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1

