Use dark theme in Splunk dashboards

2026-02-17 07:03:58 +00:00 · 2019-04-24 15:41:40 -04:00
parent 0638650550
commit 3b366a24e4
3 changed files with 26 additions and 2 deletions
--- a/splunk/README.rst
+++ b/splunk/README.rst
@@ -0,0 +1,24 @@
+=================
+Splunk dashboards
+=================
+
+Setup guide
+-----------
+
+1. Navigate to the app you want to add the dashboards to, or create a new app called DMARC
+2. Click Dashboards
+3. Click Create New Dashboard
+4. Use a descriptive title, such as "Aggregate DMARC Data"
+5. Click Create Dashboard
+6. Click on the Source button
+7. Paste the content of ''dmarc_aggregate_dashboard.xml`` into the source editor
+8. If the index storing the DMARC data is not named email, replace index="email" accordingly
+9. Click Save
+10. Click Dashboards
+11. Click Create New Dashboard
+12. Use a descriptive title, such as "Forensic DMARC Data"
+13. Click Create Dashboard
+14. Click on the Source button
+15. Paste the content of ''dmarc_forensic_dashboard.xml`` into the source editor
+16. If the index storing the DMARC data is not named email, replace index="email" accordingly
+17. Click Save
--- a/splunk/dmarc_aggregate_dashboard.xml
+++ b/splunk/dmarc_aggregate_dashboard.xml
@@ -1,4 +1,4 @@
-<form>
+<form theme="dark">
  <label>Aggregate DMARC data</label>
  <description>A summary of aggregate DMARC report data</description>
  <fieldset submitButton="false" autoRun="true">
--- a/splunk/dmarc_forensic_dashboard.xml
+++ b/splunk/dmarc_forensic_dashboard.xml
@@ -1,4 +1,4 @@
-<form>
+<form theme="dark">
  <label>Forensic DMARC Data</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="text" token="header_from" searchWhenChanged="true">