Additional configuration for embedded reports
Report embedding can work for users who have the
embed_reports capability associated with their role without any additional
.conf file configuration. However, there are a few configuration attributes that Splunk administrators should be aware of.
Set the embedSecret attribute if you use search head clustering
When you embed reports, Splunk software generates URLs that point to the reports in your Splunk deployment. These URLs normally can only be used on the search head on which they were generated. If you set a string value for the
embedSecret parameter in
server.conf all search heads in a search head pool can use the same URL.
You can set any string value for
embedSecret. Think of it as a sort of password. The
embedSecret parameter has no value by default.
Bypass SSO authentication if necessary
When Splunk software embeds a report in an external web page, it makes several HTTP requests to various resources that in some cases may invoke the SSO authentication system. To get around this, update the
embed_uri attribute in
web.conf with an alternative URI IP address, host, or port prefix. This hardcodes the path so it always goes through an externally accessible IP address or host name.
If you have set the root_endpoint attribute
If you have set an explicit value for the
root_endpoint attribute in
web.conf, append that value to whatever you define for
For example, if you've set
root_endpoint = /splunkui
and you want to set
http://foobar:8088, then you'll need to append the
root_endpoint value to your
embed_uri value like this:
embed_uri = http://foobar:8088/splunkui
By default the
embed_uri parameter is empty. It resolves to the client browser
window.location.protocol + "//" + window.location.host.
By default embedded reports display a footer that includes the Splunk logo. You can optionally change this to a text string. Go to the
embed_footer attribute in
web.conf and give it a different string. You can't use HTML markup.
Although the default setting of
embed_footer = splunk> displays the Splunk logo as the footer, you cannot use this parameter to insert alternative icons or images.
Disable report embedding globally
You can optionally disable report embedding for all users of a particular Splunk Enterprise deployment. In
server.conf, change the value of the
allowEmbedTokenAuth parameter from
The embed.enabled parameter
The saved searches endpoint adds the
embed.enabled parameter to scheduled report stanzas in
savedsearches.conf when you embed those reports. The
embed.enabled parameter determines whether or not a given report is enabled for embedding. It is set to
1 if it is enabled.
Embed scheduled reports
Configure the priority of scheduled reports
This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 7.0.0