Additional configuration for embedded reports
Report embedding can work for users who have the embed_report
capability associated with their role without any additional .conf
file configuration. However, there are a few configuration attributes that Splunk administrators should be aware of.
Set the embedSecret attribute if you use search head clustering
When you embed reports, Splunk software generates URLs that point to the reports in your Splunk deployment. These URLs normally can only be used on the search head on which they were generated. If you set a string value for the embedSecret
parameter in server.conf
all search heads in a search head pool can use the same URL.
You can set any string value for embedSecret
. Think of it as a sort of password. The embedSecret
parameter has no value by default.
Bypass SSO authentication if necessary
When Splunk software embeds a report in an external web page, it makes several HTTP requests to various resources that in some cases may invoke the SSO authentication system. To get around this, update the embed_uri
attribute in web.conf
with an alternative URI IP address, host, or port prefix. This hardcodes the path so it always goes through an externally accessible IP address or host name.
If you have set the root_endpoint attribute
If you have set an explicit value for the root_endpoint
attribute in web.conf
, append that value to whatever you define for embed_uri
.
For example, if you've set
root_endpoint = /splunkui
and you want to set embed_uri
to http://foobar:8088
, then you'll need to append the root_endpoint
value to your embed_uri
value like this:
embed_uri = http://foobar:8088/splunkui
By default the embed_uri
parameter is empty. It resolves to the client browser window.location.protocol + "//" + window.location.host
.
By default embedded reports display a footer that includes the Splunk logo. You can optionally change this to a text string by modifying the embed_footer
attribute in web.conf
.
Although the default setting of embed_footer = splunk
displays the Splunk logo as the footer, you cannot use this parameter to insert alternative icons or images.
Disable report embedding globally
You can optionally disable report embedding for all users of a particular Splunk Enterprise deployment. In server.conf
, change the value of the allowEmbedTokenAuth
parameter from true
to false
.
The embed.enabled parameter
The saved searches endpoint adds the embed.enabled
parameter to scheduled report stanzas in savedsearches.conf
when you embed those reports. The embed.enabled
parameter determines whether or not a given report is enabled for embedding. It is set to 1
if it is enabled.
Embed scheduled reports | Configure the priority of scheduled reports |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)
Feedback submitted, thanks!