Splunk Cloud Platform

Reporting Manual

Additional configuration for embedded reports

Report embedding can work for users who have the embed_report capability associated with their role without any additional .conf file configuration. However, there are a few configuration attributes that Splunk administrators should be aware of.

Set the embedSecret attribute if you use search head clustering

When you embed reports, Splunk software generates URLs that point to the reports in your Splunk deployment. These URLs normally can only be used on the search head on which they were generated. If you set a string value for the embedSecret parameter in server.conf all search heads in a search head pool can use the same URL.

You can set any string value for embedSecret. Think of it as a sort of password. The embedSecret parameter has no value by default.

Bypass SSO authentication if necessary

When Splunk software embeds a report in an external web page, it makes several HTTP requests to various resources that in some cases may invoke the SSO authentication system. To get around this, update the embed_uri attribute in web.conf with an alternative URI IP address, host, or port prefix. This hardcodes the path so it always goes through an externally accessible IP address or host name.

If you have set the root_endpoint attribute

If you have set an explicit value for the root_endpoint attribute in web.conf, append that value to whatever you define for embed_uri.

For example, if you've set

root_endpoint = /splunkui

and you want to set embed_uri to http://foobar:8088, then you'll need to append the root_endpoint value to your embed_uri value like this:

embed_uri = http://foobar:8088/splunkui

By default the embed_uri parameter is empty. It resolves to the client browser window.location.protocol + "//" + window.location.host.

Change the footer beneath the embedded report

By default embedded reports display a footer that includes the Splunk logo. You can optionally change this to a text string by modifying the embed_footer attribute in web.conf.

Although the default setting of embed_footer = splunk displays the Splunk logo as the footer, you cannot use this parameter to insert alternative icons or images.

Disable report embedding globally

You can optionally disable report embedding for all users of a particular Splunk Enterprise deployment. In server.conf, change the value of the allowEmbedTokenAuth parameter from true to false.

The embed.enabled parameter

The saved searches endpoint adds the embed.enabled parameter to scheduled report stanzas in savedsearches.conf when you embed those reports. The embed.enabled parameter determines whether or not a given report is enabled for embedding. It is set to 1 if it is enabled.

Last modified on 22 December, 2021
Embed scheduled reports   Configure the priority of scheduled reports

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters