Additional configuration for embedded reports
Report embedding can work for users who have the embed_report capability associated with their role without any additional .conf file configuration. However, there are a few configuration attributes that Splunk administrators should be aware of.
Set the embedSecret attribute if you use search head clustering
When you embed reports, Splunk software generates URLs that point to the reports in your Splunk deployment. These URLs normally can only be used on the search head on which they were generated. If you set a string value for the embedSecret parameter in server.conf all search heads in a search head pool can use the same URL.
You can set any string value for embedSecret. Think of it as a sort of password. The embedSecret parameter has no value by default.
Bypass SSO authentication if necessary
When Splunk software embeds a report in an external web page, it makes several HTTP requests to various resources that in some cases may invoke the SSO authentication system. To get around this, update the embed_uri attribute in web.conf with an alternative URI IP address, host, or port prefix. This hardcodes the path so it always goes through an externally accessible IP address or host name.
If you have set the root_endpoint attribute
If you have set an explicit value for the root_endpoint attribute in web.conf, append that value to whatever you define for embed_uri.
For example, if you've set
root_endpoint = /splunkui
and you want to set embed_uri to http://foobar:8088, then you'll need to append the root_endpoint value to your embed_uri value like this:
embed_uri = http://foobar:8088/splunkui
By default the embed_uri parameter is empty. It resolves to the client browser window.location.protocol + "//" + window.location.host.
By default embedded reports display a footer that includes the Splunk logo. You can optionally change this to a text string by modifying the embed_footer attribute in web.conf.
Although the default setting of embed_footer = splunk displays the Splunk logo as the footer, you cannot use this parameter to insert alternative icons or images.
Disable report embedding globally
You can optionally disable report embedding for all users of a particular Splunk Enterprise deployment. In server.conf, change the value of the allowEmbedTokenAuth parameter from true to false.
The embed.enabled parameter
The saved searches endpoint adds the embed.enabled parameter to scheduled report stanzas in savedsearches.conf when you embed those reports. The embed.enabled parameter determines whether or not a given report is enabled for embedding. It is set to 1 if it is enabled.
| Embed scheduled reports | Configure the priority of scheduled reports |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1, 8.1.0, 8.1.10, 8.1.11, 8.1.12
Download manual
Feedback submitted, thanks!