diff --git a/splunk/README.rst b/splunk/README.rst
new file mode 100644
index 0000000..44a8ccf
--- /dev/null
+++ b/splunk/README.rst
@@ -0,0 +1,24 @@
+=================
+Splunk dashboards
+=================
+
+Setup guide
+-----------
+
+1. Navigate to the app you want to add the dashboards to, or create a new app called DMARC
+2. Click Dashboards
+3. Click Create New Dashboard
+4. Use a descriptive title, such as "Aggregate DMARC Data"
+5. Click Create Dashboard
+6. Click on the Source button
+7. Paste the content of ''dmarc_aggregate_dashboard.xml`` into the source editor
+8. If the index storing the DMARC data is not named email, replace index="email" accordingly
+9. Click Save
+10. Click Dashboards
+11. Click Create New Dashboard
+12. Use a descriptive title, such as "Forensic DMARC Data"
+13. Click Create Dashboard
+14. Click on the Source button
+15. Paste the content of ''dmarc_forensic_dashboard.xml`` into the source editor
+16. If the index storing the DMARC data is not named email, replace index="email" accordingly
+17. Click Save
diff --git a/splunk/dmarc_aggregate_dashboard.xml b/splunk/dmarc_aggregate_dashboard.xml
index d18878f..aa25c82 100644
--- a/splunk/dmarc_aggregate_dashboard.xml
+++ b/splunk/dmarc_aggregate_dashboard.xml
@@ -1,4 +1,4 @@
-<form>
+<form theme="dark">
   <label>Aggregate DMARC data</label>
   <description>A summary of aggregate DMARC report data</description>
   <fieldset submitButton="false" autoRun="true">
diff --git a/splunk/dmarc_forensic_dashboard.xml b/splunk/dmarc_forensic_dashboard.xml
index f501b76..93adc7e 100644
--- a/splunk/dmarc_forensic_dashboard.xml
+++ b/splunk/dmarc_forensic_dashboard.xml
@@ -1,4 +1,4 @@
-<form>
+<form theme="dark">
   <label>Forensic DMARC Data</label>
   <fieldset submitButton="false" autoRun="true">
     <input type="text" token="header_from" searchWhenChanged="true">