diff --git a/apps/eventid/README.txt b/apps/eventid/README.txt new file mode 100644 index 00000000..fb601609 --- /dev/null +++ b/apps/eventid/README.txt 
@@ -0,0 +1,14 @@ +Windows Event Log Analysis Splunk App version 1.5.1 +Copyright (C) 2016-2018 Adrian Grigorof All Rights Reserved. + +The Windows Event Log Analysis Splunk App assumes that Splunk is collecting information from Windows servers and workstation via the Universal Forwarder, the local Windows event log collector or remotely via WMI. +It analyzes the entries from indexes matching the "index="wineventlog" OR source=*WinEventLog*" criteria. This matches the defaults used by the Universal Forwarder, the collection of local Windows event logs and the collection via WMI. +To collect the logs from remote computers without installing the Universal Forwarded on each computer, configure the forwarding of event logs to central location using the Windows built-in event forwarding. +The Interesting Processes section from the Processes dashboard is partially based on a presentation by Michael Gough from www.malwarearchaeology.com: "The Top 10 Windows Event ID's Used To Catch Hackers In The Act". See https://www.malwarearchaeology.com/home/2016/5/7/windows-top-10-event-logs-from-my-dell-enterprise-security-summit-talk for the presentation slides and information on how to enable the auditing of processes, including command-line based ones. The list of “interesting processes” is based on a study by JPCERT CC (Japan Computer Emergency Response Team Coordination Center) on detecting lateral movement through tracking of event logs (https://www.jpcert.or.jp/english/pub/sr/ir_research.html). The list is stored in C:\Program Files\Splunk\etc\apps\eventid\lookups\interesting_processes.csv and it can be adjusted with a text editor if needed. +If not data is displayed, please verify that the Universal Forwarder is installed properly and that the all the Windows event logs are sent to the "wineventlog" index (or the WinEventLog* sources). 
+ +See Configure Computers to Forward and Collect Events (https://msdn.microsoft.com/en-us/library/cc748890(v=ws.11).aspx) for details on how to configure a computer as a collector of logs. + +Send any suggestions, questions etc. to adigrio@gmail.com or support@altairtech.ca. + +For up-to-date documentation, see: https://www.eventid.net/splunk_addon.asp diff --git a/apps/eventid/appserver/static/appIcon.png b/apps/eventid/appserver/static/appIcon.png new file mode 100644 index 00000000..5b9c7e92 Binary files /dev/null and b/apps/eventid/appserver/static/appIcon.png differ diff --git a/apps/eventid/appserver/static/appIcon_2x.png b/apps/eventid/appserver/static/appIcon_2x.png new file mode 100644 index 00000000..2fa23aa1 Binary files /dev/null and b/apps/eventid/appserver/static/appIcon_2x.png differ diff --git a/apps/eventid/appserver/static/application.css b/apps/eventid/appserver/static/application.css new file mode 100644 index 00000000..595a77da --- /dev/null +++ b/apps/eventid/appserver/static/application.css 
@@ -0,0 +1,553 @@ +body { + background-color: #cedec3; + font-size: 12px; + line-height: 130%; +} + +ul.accountBarItems { + font-size: 11px; +} + +br { + clear: both; +} + +.SplunkModule { + padding: 0px; +} + +.appHeaderWrapper { + background-color: #333333; + background-image: none; +} + +#appContent h1 { + font-size: 24px; + font-weight: normal; + letter-spacing: -1px; + line-height: 130%; + margin-bottom: 15px; + text-shadow: white 0px 1px 1px; +} + +.splButton-primary span, +.splButton-secondary span, +.splButton-tertiary span { + min-width: 110px; +} + +.resultsArea { + background-color: #EDEDE7; +} + +/** app tabs **/ +div.appTabsWrapperOuter { + background: #333 url(./images/bg_tabs.png) repeat-x 50% 100%; +} + +div.appTabsWrapper { + margin: 0px auto 0px; + width: 830px; + overflow: hidden; +} + +/* Target Firefox 2 and older [!] */ +div.appTabsWrapper ul#appTabs, x:-moz-any-link { + position: relative; + top: 1px; +} + +div.appTabsWrapper ul#appTabs, x:-moz-any-link, x:default { + position: relative; + top: 0px; +} + +div.appTabsWrapper ul#appTabs { + list-style-type: none; + margin: 15px 0px 0px; + overflow: hidden; + padding: 0px; + width: 100%; +} + +div.appTabsWrapper ul#appTabs li { + float: left; + list-style-type: none; + margin: 0px 5px 0px 0px; +} + +div.appTabsWrapper ul#appTabs li a { + background-color: #73A550; + -moz-border-radius-topleft: 5px; + -moz-border-radius-topright: 5px; + -webkit-border-top-left-radius: 5px; + -webkit-border-top-right-radius: 5px; + border-top-left-radius: 5px; + border-top-right-radius: 5px; + color: white; + display: block; + font-size: 14px; + padding: 8px 20px; + text-decoration: none; + -moz-text-shadow: #666 0px 1px 1px; + -webkit-text-shadow: #666 0px 1px 1px; + text-shadow: #666 0px 1px 1px; +} + +div.appTabsWrapper ul#appTabs li.current a { + background-color: #EDEDE7; + color: #333; + text-shadow: white 0px 1px 1px; + border: 1px solid white; + border-bottom: none; +} + +div.launcherContent { + margin: 
15px auto; + width: 830px; +} + +div.launcherList { + float: left; + width: 549px; +} + +/** launcher links **/ +ul.launcherLinks { +/* -webkit-box-shadow: #DDD 0px 0px 5px; */ + border: 0px; + margin: 0px 0px 0px -25px; + list-style-type: none; + position: relative; +} + +ul.launcherLinks li { + /* background-color: white; */ + xxborder-bottom: 1px solid #edede7; + xxcolor: #666; + /* padding: 15px; */ + position: relative; + z-index: 200; + zoom: 1; + _line-height: 0px; + _font-size: 1%; +} + +ul.launcherLinks li .launcherApplistBackground { + cursor: pointer; +} + +li.launcherMsg { + background-color: white; + margin-left: 25px; +} + +ul.launcherLinks li.launcherMsg p { + padding: 0px; + _font-size: 12px; +} + +li.launcherMsg .launcherMsgUpdate { + background: transparent url(images/icon_update.png) 0px 0px no-repeat; + _background-image: url(images/icon_update_ie6.png); + padding-left: 20px; +} + +li.launcherMsg .launcherMsgSetup { + background: transparent url(images/icon_setup.png) 0px 0px no-repeat; + _background: transparent url(images/icon_setup_ie6.png) 0px 0px no-repeat; + padding-left: 20px; +} + +ul.launcherLinks li.first div.launcherApplistBackground { + -moz-border-radius-topleft: 5px; + -moz-border-radius-topright: 5px; + -webkit-border-top-left-radius: 5px; + -webkit-border-top-right-radius: 5px; + border-top-left-radius: 5px; + border-top-right-radius: 5px; +} + +ul.launcherLinks li.last div.launcherApplistBackground { + -moz-border-radius-bottomleft: 5px; + -moz-border-radius-bottomright: 5px; + -webkit-border-bottom-left-radius: 5px; + -webkit-border-bottom-right-radius: 5px; + border-bottom-left-radius: 5px; + border-bottom-right-radius: 5px; + border-bottom: none; +} + +ul.launcherLinks li:hover { + xxbackground: #fff url(images/bg_gradient_100.png) repeat-x; +} + +ul.launcherLinks li div { + background-repeat: no-repeat; + min-height: 50px; + xxpadding: 0px 0px 0px 46px; + xxmargin-left: -20px; +} + +.appicon { + width: 36px; + height: 36px; 
+ padding: 5px; +} + +ul.launcherLinks li div.launcher-applist-wrapper, +ul.launcherLinks li div.launcherApplistBackground { + _font-size: 12px; + _line-height: 130%; +} + +ul.launcherLinks li.datainputs div.launcherApplistIcon { + background-image:url(images/icon_addData.png); + background-position: 10px 10px; +} + +ul.launcherLinks li.search div.launcherApplistIcon { + background-image:url(images/searchIcon.png); + background-position: 10px 10px; +} + + +ul.launcherLinks li a { + font-size: 16px; +} + +ul.launcherLinks li a:hover { + text-decoration: none; + _text-decoration: underline; +} + +ul.launcherLinks p { + color: #666; + line-height: 130%; + margin: 0px; + padding-top: 5px; +} + +/** launcher messages **/ +ul.launcherLinks li.launcherMsg { + border-bottom: 1px solid #EEE; + cursor: text; + padding: 5px 15px; + -webkit-border-top-left-radius: 5px; + -webkit-border-top-right-radius: 5px; + -moz-border-radius-topleft: 5px; + -moz-border-radius-topright: 5px; + border-top-left-radius: 5px; + border-top-right-radius: 5px; +} + +ul.launcherLinks li.launcherMsg a { + color: red; + display: inline-block; + text-decoration: underline; + font-size: 12px; + line-height: 130%; +} + +/** launcher app list **/ +ul.launcherLinks ul.launcherAppsList { + margin: 0px; + padding: 0px; + list-style: none; + z-index: 200; + position: relative; + *font-size: 1%; +} + +li.launcherShadow { + -webkit-box-shadow: #DDD 0px 0px 5px; + -moz-box-shadow: #DDD 0px 0px 5px; + box-shadow: #DDD 0px 0px 5px; + + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; + z-index: 2 !important; + position: absolute !important; + height: 356px; + width: 529px; + top: 0px; + left: 25px; +} + +/* Firefox 2 hacks for list border */ +li.launcherShadow, x:-moz-any-link { + top: -1px; + left: 24px; + border: 1px solid #CCC; +} + +/* Firefox 3+ hacks for list border */ +li.launcherShadow, x:-moz-any-link, x:default { + top: 0px; + left: 25px; + border: none; +} + +/* Firefox 3.0 
- 3.5 hacks for list border */ +body.firefox3 li.launcherShadow { + top: -1px; + left: 24px; + border: 1px solid #CCC; +} + +/* IE 8 and below hacks for list border */ +li.launcherShadow { + border: 1px solid #CCC\9; + top: -1px\9; + left: 24px\9; +} + +/* IE 6 hack */ +#home li.launcherShadow { + _left: -1px; +} + +/** launcher reorder handle **/ +ul.launcherLinks li div.reorderHandle { + position: absolute; + display: block; + background-color: white; + background-image: url("images/icon_reorderHandler.png") !important; + _background-image: url("images/icon_reorderHandler_ie6.png") !important; + background-position: 8px 5px; + left: 0px; + top: 5px; + width: 20px; + height: 20px; + padding: 1px 0px 1px 5px; + -moz-border-radius-topleft: 5px; + -moz-border-radius-bottomleft: 5px; + -webkit-border-top-left-radius: 5px; + -webkit-border-bottom-left-radius: 5px; + border-top-left-radius: 5px; + border-bottom-left-radius: 5px; + min-height: 0px !important; +} + +/* Firefox 2 hacks for reorder handle borders */ +ul.launcherLinks li div.reorderHandle, x:-moz-any-link { + border: 1px solid #CCC; + border-right: none; + left: -1px; +} + +/* Firefox 3+ hacks for reorder handle border */ +ul.launcherLinks li div.reorderHandle, x:default { + border: none; + left: 0px; +} + +/* Firefox 3.0 - 3.5 hacks for reorder handle borders */ +body.firefox3 ul.launcherLinks li div.reorderHandle { + border: 1px solid #CCC; + border-right: none; + left: -1px; +} + +/* IE 8 and below hacks for reorder handle borders */ +ul.launcherLinks li div.reorderHandle { + border: 1px solid #CCC\9; + border-right: none\9; + left: -1px\9; +} + +ul.launcherLinks div.launcherApplistBackground { + margin-left: 25px; + background-color: white; + border-bottom: 1px solid #edede7; + zoom: 1; +} +ul.launcherLinks div.launcherApplistIcon { + padding: 10px; +} + +ul.launcherLinks div.launcherApplistDesc { + margin-left: 45px; + *font-size: 12px; +} + +ul.launcherLinks div.launcherApplistBackground:hover { + 
background: #fff url(images/bg_gradient_100.png) repeat-x bottom; +} +ul.launcherLinks .disabledApp div.launcherApplistBackground:hover { + background-image: none; +} +ul.launcherLinks li div.reorderHandle:hover { + cursor: move; + background-position: 8px -15px; +} + +/** enable/set up buttons **/ +ul.launcherLinks .setupApp button { + background-color: #BBB; + border: 1px solid #999; +} + +ul.launcherLinks .setupApp button:hover { + border-color: #666; +} + +ul.launcherLinks li.disabledApp button, +ul.launcherLinks li.setupApp button { + position: absolute; + top: 5px; + right: 7px; + height: 23px; + line-height: 20px; + background-position: left -5px; + padding: 0px 10px; +} + +ul.launcherLinks li.disabledApp button span, +ul.launcherLinks li.setupApp button span { + min-width: 0; + line-height: 100%; +} + +ul.launcherLinks li.disabledApp:hover { + background-image: none; +} + +ul.launcherLinks li.disabledApp button:hover { + border-color: #000; +} + +ul.launcherLinks .disabledApp, +ul.launcherLinks .disabledApp a { + cursor: text; +} +ul.launcherLinks .disabledApp .launcher-applist-wrapper { + opacity: 0.6; +} + +ul.launcherLinks .disabledApp p { + color: #333; +} + +/** launchersidebar **/ +div.launchersidebar { + float: left; + margin-left: 30px; + width: 250px; + border: none; +} + +div.section { + -moz-border-radius: 5px; + -webkit-border-radius: 5px; + border-radius: 5px; + -moz-box-shadow: 0 0 5px #DDD; + -webkit-box-shadow: #DDD 0 0 5px; + -moz-box-shadow: #DDD 0 0 5px; + -webkit-box-shadow: #DDD 0 0 5px; + box-shadow: #DDD 0 0 5px; + background: none repeat scroll 0 0 #E5F2F5; + margin-bottom: 10px; + padding: 15px; + border: 1px solid #CCC; +} + +h2, +div.launchersidebar h2 { + color: #333; + font-size: 16px; + font-weight: normal; + margin: 0px; + padding: 0px; + padding-bottom: 10px; + text-shadow: 0 1px 1px white; +} + +div.launchersidebar ul { + margin: 0px 5px; + list-style: none; +} + +div.launchersidebar ul li { + padding: 5px 0px; +} + +/** 
spotlight section **/ +div.launchersidebar div.spotlight { + background-color: #666; + -moz-box-shadow: 0 0 5px #555 inset; + -webkit-box-shadow: 0 0 5px #555 inset; + box-shadow: 0 0 5px #555 inset; + border: 1px solid #555; +} + +div.launchersidebar div.spotlight h2 { + color: white; + text-shadow: 0px 1px 1px #333; +} + +div.launchersidebar div.spotlight button.splButton-primary { + margin: 5px; + background-color: #77AA44; +} + +div.launchersidebar div.spotlight button.splButton-primary:hover { + background-color: #693; +} + + +/* IE 6 doesn't recognize min_width */ +div.launchersidebar div.spotlight button span { + _width: 110px; +} + +/** icons for launchersidebar links **/ +.apps { + background: url("images/icon_apps.png") no-repeat; + padding-left: 20px; +} + +.tutorial { + background: url("images/icon_tutorial.png") no-repeat; + padding-left: 20px; +} + +.whatsNew { + background: url("images/icon_mail.png") no-repeat; + padding-left: 20px; +} + +.splunkDoc { + background: url("images/icon_file.png") no-repeat; + padding-left: 20px; +} + +.searches { + background: url("images/icon_document.png") no-repeat; + padding-left: 20px; +} + +.more { + background: url("images/icon_circle_add.png") no-repeat; + padding-left: 20px; +} + +.answers { + background: url("images/icon_ask.png") no-repeat; + padding-left: 20px; +} + +/** footer **/ +div.divider { + margin-top: 20px; + width: 100%; + border-bottom: 1px solid #DDD; +} + +div.launcherFooter { + padding-top: 10px; + border-top: 1px solid #FFF; + color: #666; + text-shadow: 0px 1px 1px white; +} diff --git a/apps/eventid/appserver/static/dashboard.css b/apps/eventid/appserver/static/dashboard.css new file mode 100644 index 00000000..299cace5 --- /dev/null +++ b/apps/eventid/appserver/static/dashboard.css 
@@ -0,0 +1,78 @@ + +/* Set background */ +.main-section-body { + background-color:#cedec3; + background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#e2e9eb), color-stop(400px, #cedec3), to(#cedec3)); + background-image:-webkit-linear-gradient(#e2e9eb, #cedec3 400px, #cedec3); + background-image:-moz-linear-gradient(top, #e2e9eb, #cedec3 400px, #cedec3); + background-image:-o-linear-gradient(#e2e9eb, #cedec3 400px, #cedec3); + background-image:linear-gradient(#e2e9eb, #cedec3 400px, #cedec3); + filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe2e9eb', endColorstr='#ffcedec3', GradientType=0); +} + +/* Make the forms look like they are in a panel */ +/*.fieldset { + border-radius: 4px; + border: 1px solid #cccccc; + background: white; + margin: 0 0px 10px 0; + box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08); + position: relative; + padding: 12px 15px 0px 15px; +} + +.fieldset .hide-label { +} +*/ + +/* Shrink the form text inputs */ +/* Removed because Splunk 6.1 spaces the fields differently */ +/*input, textarea, .uneditable-input { + width: 120px; +}*/ + +/* Make the Search button on each dashboard blue instead of green */ + +.btn-primary { + background-color: #5c9732; + background-image: -moz-linear-gradient(top, #0087df, #004f82); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0087df), to(#004f82)); + background-image: -webkit-linear-gradient(top, #0087df, #004f82); + background-image: -o-linear-gradient(top, #0087df, #004f82); + background-image: linear-gradient(to bottom, #0087df, #004f82); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0087df', endColorstr='#ff004f82', GradientType=0); + background-color: #0087df; + border: 1px solid #143ab1; + border-bottom-color: #0048c9; + border-top-color: #004f82; + color: #ffffff; + text-shadow: 0 -1px 0 rgba(51, 51, 51, 0.7); + -webkit-box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08); + -moz-box-shadow: 0px 1px 1px rgba(0, 0, 0, 
0.08); + box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08); +} + +.btn-primary:hover { + background-color: #7db44d; + background-image: -moz-linear-gradient(top, #6ac1fa, #007fd1); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#6ac1fa), to(#007fd1)); + background-image: -webkit-linear-gradient(top, #6ac1fa, #007fd1); + background-image: -o-linear-gradient(top, #6ac1fa, #007fd1); + background-image: linear-gradient(to bottom, #6ac1fa, #007fd1); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff6ac1fa', endColorstr='#ff007fd1', GradientType=0); + background-color: #389ddf; + border-color: #0c89db; + border-bottom-color: #006eb4; + border-top-color: #3f99d3; + background-position: 0 0; +} + +.btn-primary:active, .btn-primary.active { + background-color: #016baf 9; +} +.btn-primary:hover, .btn-primary:focus, .btn-primary:active, .btn-primary.active, .btn-primary.disabled, .btn-primary[disabled] { + color: #ffffff; + background-color: #016baf; +} diff --git a/apps/eventid/appserver/static/dashboard.js b/apps/eventid/appserver/static/dashboard.js new file mode 100644 index 00000000..2d47c545 --- /dev/null +++ b/apps/eventid/appserver/static/dashboard.js 
@@ -0,0 +1,1128 @@ +//we listen to the jobResurrected event (triggered in Splunk.Search.resurrect()) +//and because it passes the containing group title of the module resurrecting the job, +//we are able to map the job.getCreateTime() values into 'last refreshed:' header for each panel. + +Splunk.DashboardManager = $.klass({ + dateDict : {}, + NOW_REFRESHED_TIME : _("real-time"), + TODAY_REFRESHED_TIME : _("today at %(timeText)s."), + GENERIC_REFRESHED_TIME : _("%(dateText)s ago"), + FULL_REFRESHED_TIME : _("refreshed: %(dateText)s"), + DISPLAY_REFLOW_EVENT: 'Splunk.Events.REDRAW', + PANEL_DROP_EVENT: 'Splunk.Events.PANEL_DROP', + windowWidth: $(window).width(), +// windowHeight: $(window).height(), + + initialize: function() { + // handlers to keep the last refreshed headers updated. + $(document).bind('jobResurrected', this.onJobExists.bind(this)); + $(document).bind('jobDispatched', this.onJobExists.bind(this)); + $(document).bind('jobProgress', this.onJobProgress.bind(this)); + + var that = this; + + // setup the headers to auto-truncate long titles + this.titleHeaders = $('.layoutCell .splHeader h2'); + this.handlePanelResize(); + + var timeoutID = null; + + $(window).bind('resize', function() { + if ( $(window).width() != that.windowWidth /*|| $(window).height() != that.windowHeight*/ ) { + that.windowWidth = $(window).width(); +// that.windowHeight = $(window).height(); + + if ( timeoutID ) + window.clearTimeout(that.timeoutID); + + timeoutID = window.setTimeout(function(){ + $(window).trigger("real_resize"); + }, 100); + } + }); + + $(window).bind('real_resize', this.handlePanelResize.bind(this)); +// $(document).bind('Splunk.Events.REDRAW', this.handlePanelResize.bind(this)); + $(document).bind('allModulesLoaded', this.handlePanelResize.bind(this)); + $(document).bind('jobDone', function(){ + if(!this.editMode) { + setTimeout(this.equalizeHeights, 500); + } + }.bind(this)); + + // custom event fired by chart modules when they are resized manually by the 
user + $(document).bind('ChartManualResize', this.handlePanelResize.bind(this)); + + $(document).bind('RefreshPage', this.softRefresh.bind(this)); +// $(window).bind('resize', function(){DebugUtils.trace("window.resize invoked")}); +// $(window).bind('real_resize', function(){DebugUtils.trace("window.real_resize invoked")}); +// $(document).bind('Splunk.Events.REDRAW', function(){DebugUtils.trace("Splunk.Events.REDRAW invoked")}); +// $(document).bind('allModulesLoaded', function(){DebugUtils.trace("allModulesLoaded invoked")}); +// $(document).bind('jobDone', function(){DebugUtils.trace("jobDone invoked")}); +// $(document).bind('ChartManualResize', function(){DebugUtils.trace("ChartManualResize invoked")}); + + + $(document).bind('PrintStart', this.insertPageBreakers.bind(this)); + $(document).bind('PrintEnd', this.removePageBreakers.bind(this)); + + this.searchIdToGroupNames = {}; + this.panelRowsSelector = 'div.layoutRow[class*="panel_row"]'; +// this.panelRowsSelector = 'div.layoutRow[class="panel_row*"]'; + this.$panelRows = $(this.panelRowsSelector); + + this.$isAwesomeBrowser = ! ($.browser.msie && $.browser.version < 9); + + // DebugUtils.trace( this.panelRowsSelector); + + //do equal heights + this.equalizeHeights(); + + var dragAndDropEnabled = false; + if ( Splunk.ViewConfig && ! ($.browser.msie && $.browser.version == 6) && 0 == $(".FlashWrapperContainer").length ) { + dragAndDropEnabled = (Splunk.ViewConfig.view.nativeObjectMode == "SimpleDashboard") && Splunk.ViewConfig.view.canWrite && ! 
Splunk.ViewConfig.view.hasRowGrouping; + } + + this.editMode = false; + $(document).bind('Splunk.Module.DashboardTitleBar.editMode', function(event, enabled){ + var $paneledit = $('.paneledit'); + + if (enabled) { + $paneledit.show(); + if(dragAndDropEnabled) { + that.dragAndDropControllerInit(); + that.editMode = true; + } + } else { + $paneledit.hide(); + if(dragAndDropEnabled) { + that.dragAndDropControllerDestroy(); + that.editMode = false; + } + } + }.bind(this)); + + that.panelEditInit(); + + //setup panel editor and focus model + this.messenger = Splunk.Messenger.System.getInstance(); + }, + + /** + * Reloads the existing page preserving old search jobs if they are present via the + * fragment identifier. + * + * @param {String} excludeGimpId (Optional) An optional gimpId to exclude form the soft-refresh (forces job refresh) + */ + softRefresh: function(excludeGimpId) { + var frag = {}; //Splunk.util.queryStringToProp(Splunk.util.getHash()); + var gimps = $('.Gimp'); + for (var i = 0; i < gimps.length; i++) { + var gimpId = gimps[i].id; + if (gimpId==excludeGimpId) { + continue; + } + var gimpModule = Splunk.Globals['ModuleLoader'].getModuleInstanceById(gimpId); + var search = gimpModule.getContext().get("search"); + + if (!search || !search.job) continue; + + var sid = search.job.getSearchId(); + + if (!sid) continue; + + var meta = gimpModule.container.closest('.dashboardCell').find('.paneledit').attr("data-sequence"); + frag['panel_' + meta + ".sid"] = sid; + search.job.setAsAutoCancellable(false); + } + + frag['edit'] = 1; + window.location.hash = Splunk.util.propToQueryString(frag); + window.location.reload(); + }, + + // iterate on all the panels besides the one clicked on, and remove the menu. + // since this is a draggable object, the events are not propagating to the top and document.click is never triggered. + // we could manually trigger a dummy event, or a doc.click event, besides IE is garbage and it is throwing a weird error when we do so. 
+ menusGC: function(orig){ + var that = this; + $('.paneledit').each(function(){ + if (this != orig){ + that.hideMenu(this.actionsMenu); + } + }); + }, + + hideMenu: function(menu){ + if (menu) { + menu.getMenu().remove(); + menu = null; + } + }, + + panelEditInit: function() { + var that = this; + + $('.paneledit').click(function(event) { + + that.menusGC(this); + + // since events are not being propagated, we have to manually hide our menu item if it is in a visible mode. + if (this.actionsMenu && this.actionsMenu.getMenu().is(':visible')) { + that.hideMenu(this.actionsMenu); + event.stopImmediatePropagation(); + return false; + } + + // remove the previous menu, since our id could have been changed. + that.hideMenu(this.actionsMenu); + + var meta = $(this);//.parent(); + + var sequence = meta.attr('data-sequence'); + var intersectX = meta.attr('data-intersect-x'); + var intersectY = meta.attr('data-intersect-y'); + var dashboardId = meta.attr('data-dashboard-id'); + var app = meta.attr('data-app'); + var panelType = meta.attr('data-paneltype'); + var id = $($('.Gimp')[sequence]).attr('id'); + + var gimpModule = Splunk.Globals['ModuleLoader'].getModuleInstanceById(id); + //shallow object of k/v pairs adapted for panel editor + var panelSettings = gimpModule.getPanelSettings(panelType, 'options.'); + + + panelSettings.id = dashboardId; + panelSettings.panelType = panelType; + panelSettings.enable_fragment_id = 0; + panelSettings.enable_controls = 1; + + + + //search meta data + var context = null, search = null, job = null; + context = gimpModule.getContext(); + if (context) search = context.get('search'); + if (search) job = search.job; + + if (!job || job.areResultsTransformed()) + panelSettings.is_transforming = true; + else + panelSettings.is_transforming = false; + + //set the href to the panel editor + var editVisualizationHref = Splunk.util.make_url('paneleditor', app, 'edit', intersectX, intersectY)+ '?' 
+ Splunk.util.propToQueryString(panelSettings); + + + + var menuDict = [ + { + label: _("Edit search"), + uri: Splunk.util.make_url('paneleditor', app, 'searchedit', intersectX, intersectY) + '?id=' + encodeURIComponent(dashboardId), + callback: function(event) { + $(document).trigger('SessionTimeout.Jobber'); + that.showExpose(id); + var options = { + onBeforeDestroy: function() { + //restart the jobber + $(document).trigger('SessionStart.Jobber'); + $(".dashboardCellEditable").removeClass("dashboardCellActive"); + that.hideExpose(); + }, + onFrameLoad: function(popup, iframe) { + $(document).bind('panelsave', function() { + popup.destroyPopup(); + that.softRefresh(id); + }); + }, + isModal: false, + pclass: 'panelEditorPopup' + }; + Splunk.Popup.IFramer(event.target.href, _("Edit search"), options); + return false; + } + }, + { + label: _("Edit visualization"), + uri: editVisualizationHref, + callback: function(event) { + $(document).trigger('SessionTimeout.Jobber'); + //panel meta found on + //gimp module lookup + var id = $($('.Gimp')[sequence]).attr('id'); + that.showExpose(id); + var options = { + onBeforeDestroy: function() { + //restart the jobber + $(document).trigger('SessionStart.Jobber'); + $(".dashboardCellEditable").removeClass("dashboardCellActive"); + that.hideExpose(); + }, + onFrameLoad: function(popup, iframe) { + $(document).bind('panelsave', function() { + popup.destroyPopup(); + that.softRefresh(id); + }); + }, + isModal: false, + pclass: 'panelEditorPopup' + }; + Splunk.Popup.IFramer(event.target.href, _("Edit visualization"), options); + return false; + } + }, + { + label: _("Delete"), + uri: '', + callback: function(event) { + that.showExpose(id); + setTimeout(function(){ + var deletePanel = confirm(_('Are you sure you would like to delete this panel?')); + that.hideExpose(); + if (deletePanel) { + var url = Splunk.util.make_url('paneleditor', app, 'delete', intersectX, intersectY)+ '?' 
+ Splunk.util.propToQueryString({id: dashboardId}); + $.ajax({ + url: url, + type: 'POST', + timeout: 10000, + complete: function(jqXHR, textStatus) { + if (jqXHR.status==204) { + //delete node beacuse we are going to reset sequence + meta.closest('.layoutCell').remove(); + that.resetSequence(); + that.softRefresh(id); + } else { + alert(_('Sorry, the specified panel could not be deleted.')); + } + } + }); + } + }, 600); + return false; + } + } + ]; + this.actionsMenu = new Splunk.MenuBuilder({ + menuDict: menuDict, + activator: (that.$isAwesomeBrowser ? meta : meta.parent()), + menuClasses: 'splMenu-primary' + }); + this.actionsMenu.showMenu(); + return false; + }); + }, + + panelRowsAddOverlayLayers: function(doBind) { + + var that = this; + that.isDNDEditMode = doBind; + + if(doBind) { + $(window).unbind("real_resize", doAddOverlays); + $(window).bind("real_resize", doAddOverlays); + doAddOverlays(); + } + + + function doAddOverlays(e) { + + if ( ! that.isDNDEditMode ) { + return ; + } + + var start = DebugUtils.getCurrfentTime(); + + var mySelection = $(that.panelRowsSelector); + mySelection.find(".vmPanelDropPlaceholderOverlay").remove(); + + // reset z-index since IE is dumb. + if ( ! that.$isAwesomeBrowser ) { + mySelection.children().css({"z-index": "1"}); + } + + mySelection.find(".layoutCellInner").each(function(){ + var overlayNode = $(document.createElement("div")).addClass("layoutCellInner vmPanelDropPlaceholderOverlay"); + $(this).after(overlayNode); + var ieThingy = 25; + + var height = ($(this).parent().height()); + if( ! that.$isAwesomeBrowser ) + height -= ieThingy; + + height += "px"; + + var top = that.$isAwesomeBrowser ? "0" : ieThingy+"px"; + bindAttributes(overlayNode, ($(this).parent().width() - 15) + "px", height, top); + + + if ( ! 
that.$isAwesomeBrowser ) { + overlayNode = $(document.createElement("div")).addClass("layoutCellInner vmPanelDropPlaceholderOverlay"); + $(this).after(overlayNode); + bindAttributes(overlayNode, ($(this).parent().width() - 100) + "px", ieThingy + "px", 0); + } + }); + + + function bindAttributes(element, width, height, top) { + element.css({ + 'width': width, + 'height': height, + 'z-index': 2, +// 'background-color': 'red', + 'top': top + }).bind({ + mouseover: function(){ + var selection = $(this).parent().children().first(); + selection.find(".dashboardContent, .splHeader").css("opacity", "0.6"); + }, + mouseout: function(){ + that.dragAndDropMouseOut($(this).parent().children().first()); + } + }); + } + + DebugUtils.trace( "doAddOverlays", start) ; + + } + + }, + + dragAndDropMouseOut: function (selection) { + if (selection) { + selection.find(".dashboardContent, .splHeader").css("opacity", "1.0"); + } + else { + this.dragAndDropMouseOut($(this.panelRowsSelector).find('.layoutCellInner')); + } + }, + + dragAndDropControllerInit: function() { + + var that = this; + + var maxHeight = 250; + var newRowHeight = 20; + + var sortableParameters = { + connectWith: that.panelRowsSelector, + placeholder: 'vmPanelDropPlaceholder', + opacity: 0.7, + tolerance: 'pointer', + cursor: 'move', + delay: 100, + cursorAt: { top: (maxHeight / 2) }, + handle: '.vmPanelDropPlaceholderOverlay' + }; + + //help IE get out of class early + if(! this.$isAwesomeBrowser){ + sortableParameters.helper = function(){ + return $('
'); + }; + sortableParameters.opacity = 1; + } + + $('.splLastRefreshed').hide(); + + $(that.panelRowsSelector).fadeOut('fast', function(){$(this).fadeIn('fast');}); + + + // FIXME hide the "move panels" button + // this should be removed from the template once the feature is stable + $(".editmode > .splButton-tertiary.move").hide(); + + + _removeEmptyRows(); + + // set max height + var selector = $(that.panelRowsSelector); + + selector.find(".layoutCell").css({"max-height": (maxHeight + "px")/*, "overflow": "hidden"*/}); + selector.find(".layoutCellInner").css({"min-height": "0", "max-height": ((maxHeight - 10) + "px"), "overflow": "hidden"}); + selector.find(".dashboardContent").css({"max-height": ((maxHeight - 60) + "px"), "overflow": "hidden"}); + + that.panelRowsAddOverlayLayers(true); + + _generateEmptyRows(false); + + that.changeChartFlow(); + + /** END COMMANDS - METHODS START HERE */ + + + function _bindEvents() { + + var myRowSelection = $(that.panelRowsSelector); + + myRowSelection.unbind('sortstart'); + myRowSelection.unbind('sortactivate'); + myRowSelection.unbind('sortover'); + myRowSelection.unbind('sortstop'); + + myRowSelection.bind( "sortstart", _sortableStart ); + myRowSelection.bind( "sortactivate", _sortableActivate ); + myRowSelection.bind( "sortover", _sortableOver ); + myRowSelection.bind( "sortstop", _sortableStop ); + } + + + function _sortableStart(event, ui) { + $('.vmPanelDropPlaceholder').css("height", Math.floor( $(ui.item).height() - 15) + 'px' ); //TODO: this seems hacky + $('.vmPanelDropPlaceholder').css("width", Math.floor($(ui.item).width() - 25) + 'px'); + } + + function _sortableActivate(event, ui) { +// var start = DebugUtils.getCurrfentTime(); + + if( ! 
(this === ui.item.parent()[0]) ) { + if ( $(this).children().length > 2 ) { // disable rows that has 3 panels - this is a UI constrain + $(this).sortable("disable"); + _sortableRefresh(); + } + } + else if ( $(this).children().length == 2 ) { // for a single panel row - disable the insertion points above and below + $(this).next().sortable("disable");//.css("background-color", "red"); + $(this).prev().sortable("disable");//.css("background-color", "green"); + _sortableRefresh(); + } + +// DebugUtils.trace( "_sortableActivate", start) ; + + } + /** + * handle sortable over target + */ + function _sortableOver(event, ui) { + // var start = DebugUtils.getCurrfentTime(); + + that.equalizeWidths(event, ui); + + var numItems = $(this).children().length; + if ( $(ui.sender).context === $(this).context ) + numItems--; + + var width = Math.floor(96 / numItems) + "%"; + $('.vmPanelDropPlaceholder').css("width",width); + + // attempt to set width of helper to width of placeholder + //$(ui.helper).width($(ui.placeholder).width()); + +// var height = Math.max($(this).height(), $(ui.item).height()) + "px"; +// // DebugUtils.trace( "_sortableOver", start) ; + } + + function _sortableStop(event, ui) { + var start = DebugUtils.getCurrfentTime(); + + // on some rare cases you can drop the panel top a position where the mouse is not over it. + // for these cases we would like to apply the mouseout styling ann all panels, just to play safe. 
+ that.dragAndDropMouseOut(); + + + // hide any visible menus + that.menusGC(); + + DebugUtils.trace("_sortableStop invoked") ; + + $(that.panelRowsSelector).sortable('destroy'); + + _removeEmptyRows(); + + that.equalizeWidths(event, ui, true); + + // save the state to the system + _save(); + + that.changeChartFlow(); + + $(".vmPanelDropPlaceholderOverlay", $(that.panelRowsSelector)).remove(); + + _generateEmptyRows(true); + + that.panelRowsAddOverlayLayers(true); + + // fire off the panel drop event, passing the dropped element as extra data + $(document).trigger(that.PANEL_DROP_EVENT, {droppedElement: ui.item[0]}); + + DebugUtils.trace( "_sortableStop end", start) ; + } + + + function _sortableInit( setParams ) { + var start = DebugUtils.getCurrfentTime(); + var sortable; + + if (setParams ) + sortable = $(that.panelRowsSelector).sortable(sortableParameters); + else + sortable = $(that.panelRowsSelector).sortable(); + + + sortable.disableSelection(); + + _bindEvents(); + + DebugUtils.trace( "_sortableInit ("+(setParams)+") ", start) ; + return sortable; + } + + function _sortableRefresh(setParams) { + var start = DebugUtils.getCurrfentTime(); + var sortable = _sortableInit(setParams).sortable("refresh"); + DebugUtils.trace( "_sortableRefresh", start) ; + return sortable; + } + + + function _generateEmptyRows(doRefresh) { + + var counter = 1; + $(that.panelRowsSelector).each(function(){ + _addEmptyRow($(this), "before"); + }); + _addEmptyRow($(that.panelRowsSelector).last(), "after", 100); + + // XXX not sure what is causing this, but sometimes new rows are getting a 0 opacity. + // This ugly woraround takes care of that. + $(".layoutRow").fadeTo(0, 1); + + doRefresh ? _sortableRefresh(true) : _sortableInit(true); + + + function _addEmptyRow(element, where, rowHeight) { + var start = DebugUtils.getCurrfentTime(); + + rowHeight = rowHeight ? 
rowHeight : newRowHeight; + var newElement = $(document.createElement("div")).addClass("layoutRow equalHeightRow splClearfix panel_row1_col").css("min-height", rowHeight + "px"); + ( where == "after" ) ? element.after(newElement) : element.before(newElement); + + DebugUtils.trace( "_addEmptyRow", start) ; + } + } + + + function _removeEmptyRows() { + var start = DebugUtils.getCurrfentTime(); + + $(that.panelRowsSelector).each(function(){ + if ( $(this).children().length == 0 ) + $(this).remove(); + }); + +// $(".vmPanelDropPlaceholderOverlay", $(that.panelRowsSelector)).css("opacity", "0.2").css("background-color", "white"); +// $(".layoutCellInner", $(that.panelRowsSelector)).parent().children().first().css("box-shadow", "0 0 5px #CCCCCC"); + + DebugUtils.trace( "_removeEmptyRows", start) ; + } + + + + + function _save() { +// var start = DebugUtils.getCurrfentTime(); + $.post(Splunk.util.make_url(['viewmaster', Splunk.util.getCurrentApp(), Splunk.ViewConfig.view.id].join('/')), { + 'action': 'edit', + 'view_json': JSON.stringify(_toJSON()) + }, + _onSaveCallback, 'json'); + +// DebugUtils.trace( "_save", start) + function _toJSON() { + var output = {}; + output['new_panel_sequence'] = []; + + $(that.panelRowsSelector).each(function() { + var rowSet = []; + $('.paneledit', this).each(function() { + var s = parseInt($(this).attr('data-sequence'), 10); + if (!isNaN(s)) + rowSet.push(s); + }); + output['new_panel_sequence'].push(rowSet); + }); + return output; + } + + function _onSaveCallback(jsonObject){ + if (jsonObject.success) { + // reset the current indexing to future actions + that.resetSequence(); + } + else { + for (var i=0,L=jsonObject.messages.length; iThis dashboard is empty. Edit the dashboard to add a panel.
')).bind('click', function() { + Splunk.Globals.Viewmaster.openDashEditForm(Splunk.util.getCurrentView()); + return false; + }).appendTo($('.layoutRow.firstRow')); + } + }, + /** + * This method equalizes heights of dashboard cells within the same panel + */ + equalizeHeights: function() { + var start = DebugUtils.getCurrfentTime(); + $(".equalHeightRow").each(function(){ + $(this).find('.layoutCellInner').css({'min-height': 0}); + if ($.browser.msie && $.browser.version == 6.0) { + $(this).children().css({'height': 0}); + } + var max = 0; + $(this).find('.layoutCellInner').each(function(i){ + if ($(this).height() > max) { max = $(this).height(); } + }); + if ($.browser.msie && $.browser.version == 6.0) { $(this).find('.layoutCellInner').css({'height': max}); } + $(this).find('.layoutCellInner').css({'min-height': max}); + }); + DebugUtils.trace( "equalizeHeights", start) ; + }, + + /** + * This method traverses the dashboard rows from top to bottom, whenever it finds one that will have a page break + * in the middle of it, inserts a page-breaking element above it + */ + insertPageBreakers: function() { + // IE9 and IE10 can handle page breaking purely in CSS + if($.browser.msie && parseFloat($.browser.version) >= 9) { + return; + } + var $row, rowHeight, + currentHeight = 0, + $pageBreaker = $(''), + pageBreakHeight = ($.browser.msie) ? 800 : 900; // pixel height to use when breaking up the page + + $('.equalHeightRow').each(function(i, row) { + $row = $(row); + // caclulate the row height, force to zero for empty elements, since some browsers will report a non-zero height + rowHeight = ($row.is(':empty')) ? 
0 : $row.outerHeight(true); // true means include margin + if(i != 0 && rowHeight > 0 && currentHeight + rowHeight >= pageBreakHeight) { + // this element needs a page break before it + $pageBreaker.clone().insertBefore($row); + currentHeight = rowHeight; + } + else { + currentHeight += rowHeight; + } + }); + }, + + removePageBreakers: function() { + if($.browser.msie && parseFloat($.browser.version) >= 9) { + return; + } + $('.page-breaker').remove(); + } + +}); + +var DebugUtils = { + + traceEnabled: false, + + getCurrfentTime: function() { + if(this.traceEnabled) + return (new Date()).getTime(); + }, + trace: function(arg, start) { + if( this.traceEnabled && window.console) { + var now = this.getCurrfentTime(); + arg = this._addSpaces(arg, 30); + if (start) + arg += ["\t", (now - start)].join(''); + console.log([now, "\t", arg].join('')); + } + }, + _addSpaces: function(str, len) { + var newStr = str; + while(newStr.length < len) + newStr += " "; + + return newStr; + } +}; + + + + + diff --git a/apps/eventid/appserver/static/default.css b/apps/eventid/appserver/static/default.css new file mode 100644 index 00000000..37a0cd51 --- /dev/null +++ b/apps/eventid/appserver/static/default.css 
@@ -0,0 +1,2152 @@ +/* + * Glorious Splunk Skin + * + */ + + + + +/* Basic Typography +---------------------------------*/ +body, td { + font-family:Arial,Helvetica,sans-serif; + font-size:11px; + color: #333; +} + +input, textarea, select, optgroup { + font-family:Arial,Helvetica,sans-serif; + font-size:12px; + color: #111; +} + +h1 { + font-size: 18px; + font-weight: normal; + color:#73A550; +} +h2 { + font-size: 12px; + font-weight:bold; + color: #333; +} +h3 { + font-size: 12px; + font-weight: bold; + color: #333; +} +h4 { + font-size: 11px; + font-weight: bold; + color: #333; +} + +/* font styles */ +.splFont-mono, .SearchBar label { + font-family: Consolas,Monaco,Courier New,monospace; +} + +.SearchBar textarea, .SearchBar label { + font-size: 12px; + -moz-box-shadow: none; + -webkit-box-shadow: none; + box-shadow: none; +} +.SearchBar textarea:focus { + outline: 0; +} + +/* link colors +---------------------------------*/ +a { + color: #1a7996; +} +a.disabled { + color:#999; +} + +/* panel-specific font colors +---------------------------------*/ +.appHeaderWrapper { + color: #666; +} +.appHeaderWrapper a { + color: #CCC; +} + +.appHeaderWrapper a.help { + background: url(../../../img/skins/default/icon-help-12.png) no-repeat left center; + _background: url(../../../img/skins/default/icon-help-12-black-ie6.png) no-repeat left center; /* for ie 6 */ + display: block; + padding-left: 16px; + float: left; +} + + +/* Application Header +_________________________________*/ +/* app header wrapper */ +/* - this can be used to set a background for the entire header area. */ +.appHeaderWrapper { + background: #000 url(/static/img/skins/default/bg_appHeaderWrapper.png) repeat-x; +} +/* application header */ +.appHeader { + /* height:100px; // to change the height of the header area, add a height property here. */ +} + +/* change the app logo here. 
set the height/width for your image, as well as the path to the image */ +.appLogo { + height: 43px; + width: 80px; + background: url(/static/img/skins/default/splunk_logo_black.png) no-repeat 0 0; + _background: url(/static/img/skins/default/splunk_logo_black.gif) no-repeat 0 0; +} + +/* +use this to display the name of the app. +use line-height to adjust alignment with logo. if +if the name of the app is in the logo, set this to display: none; +*/ +.appHeaderWrapper h1 { + color:#73a550; + line-height: 43px; +} + + +/* background colors +---------------------------------*/ + +/* default page color */ +body, .splBackground-default, .graphArea, .resultsArea, +.reportSecondPanel, .reportThirdPanel, .sidebarCollapsed, +.SearchBar .saTypeaheadWrapper { + background-color: #FFF; +} + +/* primary background - applies to search controls and primary action panels */ +.viewHeader, .mainSearchControls, .splSearchControls-inline, +.SearchBar .saHelpWrapper { + background-color: #edede7; +} + +/* secondary background - sidebar, other panels */ +.splBackground-secondary, .sidebarExpanded { + background-color:#edede7; +} + +/* Specific overrides */ +.layoutCellInner .ResultsHeader .splHeader, .layoutCellInner .ResultsHeader .splHeader-secondary { + background: transparent none; +} + + +/* headers +---------------------------------*/ +.splHeader-primary { + border-top-width: 1px; + border-top-style: solid; +} + +.splHeader-secondary { + border-top-width: 1px; + border-top-style: solid; +} + + + +.splHeader-secondary { + background-color: #edede7; + _background-position: 0px -111px; +} +/* navigation bar */ +.splHeader-navigation { + background-image: none; + _background-image: none; +} + +.splHeader h2 a { + font-weight:normal; +} + +/* Specific overrides */ +.TitleBar .splHeader, .FieldPickerPopup .splHeader-primary { + background-color: #edede7; + background-image: none; +} + +.FlashTimeline .splHeader-primary { + background: #fff 
url(/static/img/skins/default/overlay_topgradient_7.png) repeat-x; + _background-image: none; +} + +.FlashTimeline { + background: #fff url(/static/img/skins/default/overlay_bottomgradient_7.png) repeat-x bottom center; + _background-image:none; +} + +.DisableRequiredFieldsButton { + background: #edede7 url(/static/img/skins/default/overlay_topgradient_32.png) repeat-x; + _background-image:none; +} + +.splView-flashtimeline .ResultsHeader .splHeader-primary { + background: #edede7 url(/static/img/skins/default/overlay_topgradient_32.png) repeat-x; + _background-image:none; + border-color: #a4a4a4; + padding-top: 5px; +} + +.splView-flashtimeline .ResultsHeader .splHeader-primary h2 { + background-color: #fff; + -webkit-border-top-left-radius: 6px; + -moz-border-radius-topleft: 6px; + border-top-left-radius: 6px; +} + +/* borders +---------------------------------*/ +* { + border-color: #ccc; +} + +div.sidebarCollapsed .sidebarControl { + -moz-border-radius: 0 0 5px 0; + -webkit-border-radius: 0 0 5px 0; + border-radius: 0 0 5px 0; + background: #edede7 url(/static/img/skins/default/overlay_topgradient_32.png) repeat-x; + border-top: 1px solid #A4A4A4; +} + +div.sidebar .FieldPicker { + border-color: #a4a4a4; +} + +/* Dashboards +_______________________________*/ + +/* dashboard headers */ + +body.splTemplate-dashboard { + background-color: #EDEDE7; +} +.splHeader-dashboard { + background-image: none; +} +.splHeader-dashboard { + background-color: transparent; +} +.splHeader-dashboard h2, +.dashboardContent .ServerSideInclude h2, +.dashboardContent .GenericHeader h3 { + font-size:12px; + color: #73a550; + font-weight:bold; + background-color: transparent; +} +/* rounded box for dashboard modules */ +.dashboardCell { + position: relative; + background: #fff; + border-style: solid; + border-width: 1px; + -moz-border-radius: 5px; + -webkit-border-radius: 5px; + border-radius: 5px; + -moz-box-shadow: 0 0 5px rgba(0, 0, 0, 0.25); + -webkit-box-shadow: #ccc 0 0 5px; + 
box-shadow: #ccc 0 0 5px; + _background-image: none; +} + +.dashboardContent .SimpleResultsTableResults, .dashboardContent .EventsViewer { + background-image: none; + background: transparent; +} + + + +/* form elements +_________________________________*/ +fieldset legend { + color: #73A550; + font-size: 14px; + font-weight: bold; +} +fieldset legend span{ + color: #000; + font-size: 10px; + font-weight: normal; +} +input, textarea, select { + font-family: Arial, Helvetica, sans-serif; + font-size: 11px; +} +input[type="text"], input[type="textfield"], input[type="password"], +textarea, .input-facade, +.splTextAreaStd, +.codeMirrorTextAreaWrapper, +div.accumulator-scrollbox { + box-shadow: inset 0px 1px 3px #ccc; +} +.input-hide, input.input-hide, textarea.input-hide, +.splTextAreaStd textarea { + box-shadow: none; +} +label { + font-size: 12px; +} +label.disabledLabel { + color:#666; +} +select option[disabled] { + color:#999; + box-shadow: none; +} +input.readonly { + background-color: #999; + box-shadow: none; +} +p.exampleText { + color: #666; + clear: both; +} +p.fieldsetHelpText { + color: #666; +} +input[disabled]{ +background-color: #f4f4f1; +color: #333; +padding-left: 0; +box-shadow: none; +} +.splTextArea { + border:1px solid #ccc; +} + + +/* tables +------------------------------*/ +table.splTable { + border-color: #999; +} +table.splTable th { + border-color: #999; +} +table.splTable th a { + color: #000; +} +table.splTable td { + border-color: #CCC; +} +.empty_results { + background: #edede7; + border: 0px !important; + font-size: 12px; + font-weight: normal !important; + padding: 10px !important; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + color: #666 !important; +} + +/* sorting */ +.splSortNone, .splSortAsc, .splSortDesc { + background-image: url(/static/img/skins/default/splIcons.gif); + background-position: -67px -446px; + background-repeat: no-repeat; + cursor: pointer; +} +.splSortDesc { + 
background-position: -67px -365px; +} +.splSortDesc:hover { + background-position: -67px -385px; +} +.splSortAsc{ + background-position: -67px -385px; +} +.splSortAsc:hover { + background-position: -67px -366px; +} + +/* global elements +---------------------------------*/ +.splPipe { + color:#999; +} +.splDivider { + border-bottom-style: solid; + border-bottom-width: 1px; +} +#loading { + background-color:#73a550; + color:#fff; +} /* I smell a refactor here... */ +#loadingmessage { + font-size:18px; + background: url(/static/img/skins/default/loading_white.gif) no-repeat 0 0; +} +.popupLoading { + background: url(/static/img/skins/default/loading_white.gif) no-repeat 0 20px; + font-size:18px; +} +.mouseoverHighlight, .mouseoverHighlight td { + background-color:#f5e998; +} + +.searchFieldGhost { + border-color: #333; +} +.widgeterror { color: red; font-weight: bold; } + +.resultStatusMessage { + color: #666; +} + +/* percentage bar graph +_________________________________*/ +.splBarGraph { + background: #edede7; +} +.splBarGraphBar { + background: #73a550 url(/static/img/skins/default/overlay_gradient_28.png) repeat-x; +} +.splBarGraphValue { + +} + +.graphLoading { + padding-bottom: 5px; +} + +/* popups +---------------------------------*/ + +.popupContainer { + z-index:10000; + border-color: #666; + -moz-box-shadow: 0 0 8px rgba(0, 0, 0, 0.7); + -webkit-box-shadow: #222 0 0 8px; + box-shadow: #222 0 0 8px; +} + +.wizardPopup .popupContent iframe { + width:400px; + border:none; + display: block; +} + +.wideTreeviewPopup .popupContent iframe { + width:700px; + height:433px; + border:none; + display: block; +} + +.panelEditorPopup .popupContent iframe { + width:340px; + border:none; + display: block; +} +.panelEditorPopup .popupContent { + min-width:340px; +} + +.fieldValuePopup { + border-color: #666; + -moz-box-shadow: none; /* needs dropshadow for others than ff3.5 and safari 4, removing this one and adding the jank normal dropshadow from menu*/ + 
-webkit-box-shadow: none; + box-shadow: none; + border: none; +} +.fieldValuePopup .fieldValuePopupInner { + border:1px solid #CCC; + background-image:url(/static/img/skins/default/bg_reversegradient_28.png); +} + +/* fieldpicker popup */ +.fieldLayers .popupContainer { + border-color: #ccc; +} + +.pdfPopup { + background: #fff; +} + +/* popup header bar */ +.splHeader-popup { + background: #000 url(/static/img/skins/default/overlay_gradient_28.png) repeat-x 0 0; + _background: #000 url(/static/img/skins/default/backgrounds_ie6.gif) repeat-x 0 -450px; +} +.splHeader-popup h2 { + color:#FFF; + font-size:14px; +} + +.splHeader-popup, .splHeader-popup h2 { + cursor: move; +} + +/*iframe loading*/ +.popupContent .popup-loading { + width: 100%; + height:100%; + position:absolute; + top:0; + text-indent:-1000em; + direction:ltr; + background: #fff url('/static/img/skins/default/loading_white.gif') no-repeat center center; + _height:100px; /* IE6 won't recalculate height properly :( */ +} + +/* popup content */ +.popupContent { + background-color: #FFF; + position:relative; + _zoom:1; +} + +.popupContent .error, .wizard .error { + font-size: 12px; + background: #af4444; + margin: 10px; + margin-bottom: 0px; + + -moz-border-radius:4px 4px 4px 4px; + -webkit-border-radius: 4px 4px 4px 4px; + border-radius: 4px 4px 4px 4px; +} + +/* popup footer (button container) */ +.popupFooter { + background: #edede7 url(/static/img/skins/default/overlay_topInnerShadow_35.png) repeat-x; + _background: #000 url(/static/img/skins/default/backgrounds_ie6.gif) repeat-x 0 -231px; +} + +/* Field Value popup-specific styles */ + +.fieldValuePopup h3 em { + font-size:11px; +} + +.fieldValuePopup table th.fieldName { + font-weight: normal; +} + +.fieldValuePopup table tr:first-child th.fieldName { + font-weight: bold; +} + +.fieldValuePopup table td, .fieldValuePopup table th { + color:#333; + border-bottom-style: dotted; + border-bottom-width: 1px; +} + +.fieldValuePopup table 
tr.fieldNameHeaderRow th { + border-bottom-style: solid; + border-bottom-width: 1px; +} + +.fieldValuePopup table tr.fieldNameHeaderRow td { + font-weight:bold; + color:#000; + border-bottom: none; +} +.fieldValuePopup p.reportLinks, +.fieldValuePopup div.reportLinks +{ + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; +} + +/* overlays and shadows +---------------------------------*/ +.splOverlay, .splOverlay-white { + background-color: #000; + opacity:0.7; + filter:alpha(opacity=70); +} +.splOverlay-white { + background-color:#FFF; +} + +.splShadow { + background: url(/static/img/skins/default/shadow_soft.png) no-repeat bottom right; + -moz-border-radius-bottomleft: 16px; /*is this supposed to be different?*/ + -moz-border-radius-topright: 17px; + -webkit-border-top-right-radius: 17px; + -webkit-border-bottom-left-radius: 17px; + border-top-right-radius:17px; + border-bottom-left-radius:17px; + _background: none; +} + +/* buttons +---------------------------------*/ + +.splButton-primary, +.splButton-secondary, +.splButton-tertiary { + background: #73a550 url(/static/img/skins/default/overlay_gloss_28.png) repeat-x left -3px; + color: #FFF; + font-family: Arial, Helvetica, sans-serif; + font-size:12px; + border: 1px solid #5e8d3d; + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; + _background-image: none; +} +button.splButton-primary span, +button.splButton-secondary span, +button.splButton-tertiary span +{ + line-height:21px; /*Note: line-height won't work on buttons in FF*/ +} + +.splButton-primary { + color:#fff; + background-color: #659c40; + border: 1px solid #5e8d3d; +} +.splButton-secondary { + color: #333; + background-color:#fff; + border: 1px solid #bbb; +} +.splButton-tertiary { + color:#fff; + background-color: #548ea0; + border: 1px solid #498a99; +} + +.splButton-primary:hover, +.splButton-primary:focus { + background-color: #4e7830; + outline: none; +} + +.splButton-secondary:hover, 
+.splButton-secondary:focus { + background-color: #f3f3f3; + border-color: #aaa; + outline: none; +} + +.splButton-tertiary:hover, +.splButton-tertiary:focus { + background-color: #326c79; + outline: none; +} + +.splButton-disabled, +.splButton-disabled:hover, +.splButton-disabled:focus { + background: #bbb; + color: #999; + border-color: #999; +} + +.splButton-disabled .splButtonIcon { + opacity:0.5; +} + +.splButton-primary span.splMenuIcon, +.splButton-tertiary span.splMenuIcon { + background-position: 0 -300px; +} + +/* buttons Groups +---------------------------------*/ + +.splButtonGroup .splButton-primary, +.splButtonGroup .splButton-secondary, +.splButtonGroup .splButton-tertiary { + -moz-border-radius: 0; + -webkit-border-radius: 0; + border-radius: 0; + margin:0; + border-left-color: #8FB777; +} +.splButtonGroup .splButton-secondary { + border-left-color: #ddd; +} + +.splButtonGroup .splButton-tertiary { + border-left-color: #7ca6b0; +} + +.splButtonGroup .splButton-disabled { + border-left-color: #bbb; +} + +.splButtonGroup .splButton-primary:first-child, +.splButtonGroup .splButton-secondary:first-child, +.splButtonGroup .splButton-tertiary:first-child { + -moz-border-radius-bottomleft: 4px; + -webkit-border-bottom-left-radius: 4px; + border-bottom-left-radius: 4px; + -moz-border-radius-topleft: 4px; + -webkit-border-top-left-radius: 4px; + border-top-left-radius: 4px; + border-left-color: #5E8D3D; +} + +.splButtonGroup .splButton-secondary:first-child { + border-left-color: #ccc; +} + +.splButtonGroup .splButton-tertiary:first-child { + border-left-color: #498A99; +} + +.splButtonGroup .splButton-disabled:first-child { + border-left-color: #999; +} + +.splButtonGroup .splButton-primary:last-child, +.splButtonGroup .splButton-secondary:last-child, +.splButtonGroup .splButton-tertiary:last-child { + -moz-border-radius-bottomright: 4px; + -webkit-border-bottom-right-radius: 0; + border-bottom-right-radius: 4px; + -moz-border-radius-topright: 4px; + 
-webkit-border-top-right-radius: 0; + border-top-right-radius: 4px; + border-right-width:1px; +} + +/* Iconic Links +---------------------------------*/ + +.splIconicLinkIcon, .splButtonIcon, span.splMenuIcon { + background-image: url(/static/img/skins/default/sprite_button_icons.png); + _background-image: url(/static/img/skins/default/sprite_button_icons.gif); + background-position: 0 0; +} + + +.splIconicLinkIcon { + margin-top:2px; +} +.splIconicLinkLabel { + font-size:11px; +} + +.splIconicLinkDisabled { + background-image: none; + color: #999; +} + + +.splIconicLinkDisabled .splIconicLinkIcon { + -moz-opacity: 0.45; + opacity: 0.45; + -ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=45)"; /* IE8 */ + filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=45); /* IE7 */ + filter:alpha(opacity=50); /* IE6 */ + + color: #999; + -moz-border-radius: 3px; + -webkit-border-radius: 3px; + border-radius: 3px; +} + +.splIcon-export { + background-position: -26px -660px; +} + +.splIconicLinkDisabled .splIcon-export { + background-position: -13px -660px; +} + +.splIcon-options { + background-position: -26px -680px; +} + + +/* Splunk search button */ + +/* search button */ +input.searchButton { + background-color: #659c40; + background-image: url(/static/img/skins/default/search_button.png); + /* white > */ + background-position: right center; + /* black > -- uncomment for black arrow. 
-- + background-position: left center; + */ + /* corner rounding for good browsers */ + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; + + border: 1px solid #5e8d3d; + font-family: Arial, Helvetica, sans-serif; + cursor: pointer; + + + _background-image: url(/static/img/skins/default/green_search_button.png); + _background-color:transparent; + _border: none; + _zoom:1; +} + +input.searchButton:hover, +input.searchButton:focus { + background-color: #4e7830; + _background-color:transparent; +} + +table.mainSearchControlsTable input.searchButton { + border-left-color: #8fb777; + -moz-border-radius-topleft: 0; + -moz-border-radius-bottomleft: 0; + -webkit-border-top-left-radius: 0; + -webkit-border-bottom-left-radius: 0; + border-bottom-left-radius: 0; + border-top-left-radius: 0; + border-bottom-left-radius: 0; +} + +/* button wrapper */ +.splButtonWrapper { + border-top-width:1px; + border-top-style:solid; +} + +/* icons +---------------------------------*/ +.splIcon { + background-image: url(/static/img/skins/default/splIcons.gif); + background-color: #999; +} + +/*-- external link icon --*/ +.spl-icon-external-link-xsm { + background: transparent url(/static/img/skins/default/icon-external-xsm.png) no-repeat 0 0; + _background: transparent url(/static/img/skins/default/icon-external-xsm.gif) no-repeat 0 0; + background-repeat:no-repeat; + background-position: 0% 50%; + display:inline-block; + padding-left: 15px; + margin-left: 5px; + font-style: normal; +} +.spl-icon-external-link-xsm.inline-icon { + margin-left: 0px; +} + +/*-- sidebar collapse icon --*/ +.splIcon-sidebar-open .splIconicLinkIcon { background-position: -26px -320px; } +.splIcon-sidebar-closed .splIconicLinkIcon { background-position: -26px -340px; } + +/*-- linear and log scale buttons --*/ +div.FlashTimeline a.linLogToggle { + color:#000; +} + +div.FlashTimeline a.linLogToggle:focus { + background-color: #ccc; +} + +div.FlashTimeline a.linLogToggle 
.splIcon-triangle-4-s { + background-position: -67px -367px; +} + + + +/*-- clear buttons --*/ +.splIcon-clear { + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 5px; + background-position: 0px 0px; +} +html>/**/body .splIcon-clear, x:-moz-any-link, x:default { /* do rounding for ff3, not ff2 */ + -moz-border-radius: 5px; +} +.splIcon-clear:hover { background-position: -20px 0px; } + +/*-- close icons --*/ +.splIcon-close { background-position: 0px 0px; } +.splIcon-close:hover { background-position: -20px 0px; } + +/*-- arrow icons --*/ +.splIcon-arrow-n, .splIcon-arrow-e, .splIcon-arrow-s, .splIcon-arrow-w { + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 5px; + background-color: #999; +} +html>/**/body .splIcon-arrow-n, html>/**/body .splIcon-arrow-s, html>/**/body .splIcon-arrow-e, +html>/**/body .splIcon-arrow-w, x:-moz-any-link, x:default { /* do rounding for ff3, not ff2 */ + -moz-border-radius: 5px; +} +.splIcon-arrow-n { background-position: 0px -100px; } +.splIcon-arrow-e { background-position: 0px -140px; } +.splIcon-arrow-s { background-position: 0px -120px; } +.splIcon-arrow-w { background-position: 0px -160px; } +.splIcon-arrow-n:hover { background-position: -20px -100px; } +.splIcon-arrow-e:hover { background-position: -20px -140px; } +.splIcon-arrow-s:hover { background-position: -20px -120px; } +.splIcon-arrow-w:hover { background-position: -20px -160px; } + +/*-- results view buttons --*/ +.splIcon-events-list, .splIcon-events-table, .splIcon-results-table, .splIcon-results-chart { + background-image: url(/static/img/skins/default/sprite_button_icons.png); + _background-image: url(/static/img/skins/default/sprite_button_icons.gif); +} +.splIcon-events-list { background-position: -26px -740px; } +.splIcon-events-table { background-position: -26px -760px; } +.splIcon-results-table { background-position: -26px -780px; } +.splIcon-results-chart { background-position: -26px -800px; } 
+.splIcon-events-list:hover { background-position: -39px -740px; } +.splIcon-events-table:hover { background-position: -39px -760px; } +.splIcon-results-table:hover { background-position: -39px -780px; } +.splIcon-results-chart:hover { background-position: -39px -800px; } + +/* triangles */ +/* Note: to separate color from implementation, we're using a numbering system to differentiate colors. + 1=grey,2=white,3=green,4=black,5=blue. If the icon sprite changes, the number mapping to colors would be different */ +.splIcon-triangle, +.splIcon-triangle-1-n, .splIcon-triangle-1-s, .splIcon-triangle-1-e, .splIcon-triangle-1-w, +.splIcon-triangle-2-n, .splIcon-triangle-2-s, .splIcon-triangle-2-e, .splIcon-triangle-2-w, +.splIcon-triangle-3-n, .splIcon-triangle-3-s, .splIcon-triangle-3-e, .splIcon-triangle-3-w, +.splIcon-triangle-4-n, .splIcon-triangle-4-s, .splIcon-triangle-4-e, .splIcon-triangle-4-w, +.splIcon-triangle-5-n, .splIcon-triangle-5-s, .splIcon-triangle-5-e, .splIcon-triangle-5-w { + background-color:transparent; +} +.splIcon-triangle-large { + background-color:transparent; +} + +/* grey */ +.splIcon-triangle-1-n { background-position: -7px -386px; } +.splIcon-triangle-1-s { background-position: -7px -367px; } +.splIcon-triangle-1-e { background-position: -7px -407px; } +.splIcon-triangle-1-w { background-position: -7px -427px; } +/* white */ +.splIcon-triangle-2-n { background-position: -27px -386px; } +.splIcon-triangle-2-s { background-position: -27px -367px; } +.splIcon-triangle-2-e { background-position: -27px -407px; } +.splIcon-triangle-2-w { background-position: -27px -427px; } +/* green */ +.splIcon-triangle-3-n { background-position: -47px -386px; } +.splIcon-triangle-3-s { background-position: -47px -367px; } +.splIcon-triangle-3-e { background-position: -47px -407px; } +.splIcon-triangle-3-w { background-position: -47px -427px; } +/* black */ +.splIcon-triangle-4-n { background-position: -67px -386px; } +.splIcon-triangle-4-s { 
background-position: -67px -367px; } +.splIcon-triangle-4-e { background-position: -67px -407px; } +.splIcon-triangle-4-w { background-position: -67px -427px; } +/* blue */ +.splIcon-triangle-5-n { background-position: -87px -386px; } +.splIcon-triangle-5-s { background-position: -87px -367px; } +.splIcon-triangle-5-e { background-position: -87px -407px; } +.splIcon-triangle-5-w { background-position: -87px -427px; } + +/* state interaction +_________________________________*/ + +.fatal, .error, .warn, .info, .persistent { + background: url(/static/img/skins/default/overlay_gradient_28_plus.png) repeat-x top left; + _background: #000 none; + font-weight: bold; +} + +.fatal, .error { + background-color: #a62f2f; + color: #fff; +} +.warn, .persistent { + background-color: #ffee91; + color: #000; +} +.info { + background-color: #e8f8ff; + color: #000; +} + + +.fatal .remove, .error .remove, .warn .remove, .info .remove, .persistent .remove { + background: #000 url(/static/img/skins/default/splIcons.gif) no-repeat top left; + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; +} + +.fatal .remove, .error .remove { + background-color: #6f2121; +} +.warn .remove, .persistent .remove { + background-color: #b9ac66; +} +.info .remove { + background-color: #94a9b2; +} + + +/* menu classes +---------------------------------*/ + +.splMenu { + font-size: 11px; + font-family: Arial, Helvetica, sans-serif; +} + +/* primary menu - white */ +.splMenu-primary, .splMenu-primary a { + color: #333; +} +.splMenu-primary li.disabled a { + color:#999; +} +.splMenu-primary ul { + background-color: #FFF; +} +.splMenu-primary .actionsMenuDivider { +} + +/* primary menu hover styles */ +.splMenu-primary li:hover { + background: #f3ecbb; +} +.splMenu-primary ul li.htmlBlock:hover { + background-color: transparent; +} + +/* secondary menu - black */ +.splMenu-secondary, .splMenu-secondary a { + color: #CCC; +} +.splMenu-secondary li.disabled a { + color:#999; +} 
+.splMenu-secondary ul { + background-color: #000; + border-color: #333; +} + +/* primary menu hover styles */ +.splMenu-secondary li:hover { + background-color: #7b9059; +} +.splMenu-secondary a:hover { + color: #FFF; +} +.splMenu-secondary ul li.htmlBlock:hover { + background-color: transparent; +} + +/* Tab styles +-------------------------------*/ + +.tabsWrapper { + background-color: #bdbdb7; +} +ul.tabs li { + background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 -68px; +} +ul.tabs li a { + background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -102px; + color: #FFF; + font-size: 12px; +} +/* on state */ +ul.tabs li.selected { + background-color: #FFF; + background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 0; +} +ul.tabs li.selected a { + color: #333; + background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -34px; +} + +/* jquery ui styles +_______________________________*/ + +/* datepicker styles */ +.ui-datepicker { + border: 1px solid #ccc; + background: #FFF; +} +.ui-datepicker a { + color: #333; +} +.ui-datepicker-inline { + border-style: solid; + border-width: 1px; +} +.ui-datepicker-header { + background: #edede7 url(/static/img/skins/default/overlay_gradient_28.png) repeat-x scroll 0 -5px; + _background: #edede7 url(/static/img/skins/default/backgrounds_ie6.gif) repeat-x scroll 0 -5px; +} +.ui-datepicker-header a { + background-image: url(/static/img/skins/default/splIcons.gif); + background-repeat: no-repeat; +} +.ui-datepicker-prev { + background-position: -67px -418px; +} +.ui-datepicker-next { + background-position: -67px -398px; +} +.ui-datepicker-current-day { + background-color: #a8c479; +} + +/* resizable styles */ +.ui-resizable-s { + background:#cdcdc7 url(/static/img/skins/default/bg_resizer.gif) center no-repeat !important; + _font-size:0; +} + +.ui-resizable-helper { + border: 
1px dashed #999; +} + +/* TimeSpinner styles */ +.TimeSpinner { + border: 1px solid #ccc; +} + +/*********************************** + Module styles +************************************/ + +/* Dev note: putting these in here for now, figuring out what refactoring can be done later */ + + +/*** Gandalf ***/ + +/* TimeRangeBinning */ +.TimeRangeBinning .trbToggle { + font-size:12px; +} +.TimeRangeBinning .trbToggle span.splIcon-triangle { + background-position: -87px -407px; + background-color: transparent; +} +.TimeRangeBinning .trbOn span.splIcon-triangle { + background-position: -87px -367px; +} + +/*** Jobs ***/ + +/* Job Status */ + +.JobStatus { + background-color: #EDEDE7; +} + +.JobStatus .output .scanned, +.JobStatus .output .results { + font-style:normal; + font-size:12px; +} +.JobStatus .output .running h2, +.JobStatus .output .runningReport h2, +.JobStatus .output .finalizing h2 { + background: url(/static/img/skins/default/loader_green_on_grey.gif) left no-repeat; + /* use loader.gif for green on white */ +} + +.JobStatus .output .complete h2 { + background: url(/static/img/skins/default/bg_job_status.png) 0 -13px no-repeat; +} + +.JobStatus .output .paused h2 { + background: url(/static/img/skins/default/bg_job_status.png) 0 8px no-repeat; +} + +.autoPauseText > strong { + color: #900; +} + +/* link icons */ + + + +.save .splButtonIcon { + background-position: 0 -160px; +} + +.create .splButtonIcon { + background-position: 0 -180px; +} +.inspector .splButtonIcon { + background-position: 0 -120px; +} + +.print .splButtonIcon { + background-position: 0 -140px; +} + +.background .splButtonIcon{ + background-position: 0 -20px; +} + +.finalize .splButtonIcon { + background-position: 0 -80px; +} + +.pause .splButtonIcon { + background-position: 0 -60px; +} + +.unpause .splButtonIcon{ + background-position: 0 -40px; +} + +.cancel .splButtonIcon{ + background-position: 0 -100px; +} + +.schedulepdf .splButtonIcon{background-position:0 -560px;} +.move 
.splButtonIcon{background-position:0 -580px;} +.add .splButtonIcon{background-position:0 -640px;} +.permissions .splButtonIcon{background-position:0 -600px;} +.xml .splButtonIcon{background-position:0 -620px;} + +/* IE6 removal of gradient overlays */ +.JobStatus .splHeader { + _background-image: none; +} + +.JobStatus .autoPauseTip { + color: #800; +} +.JobStatus .autoPauseTip a { + color: #1a7996; +} + +/*** Nav ***/ + +/* AppBar */ +ul.appBarNav li a:hover, +ul.appBarNav li a.menuOpen { + background: url(/static/img/skins/default/overlay_white_28.png) repeat-x 0 0; + _background: url(/static/img/skins/default/backgrounds_ie.gif) repeat-x 0 -727px; +} +ul.appBarNav li a { + font-size: 11px; + font-weight: bold; +} +.splMenu-primary ul li.splUserCreated { + background-image: url(/static/img/skins/default/greendot.gif); + background-repeat: no-repeat; + background-position: 4px 10px; +} + +/* BreadCrumb */ +.BreadCrumb { + font-size:14px; +} +.BreadCrumb .gt { + color:#888; +} + +/* TitleBar */ +.TitleBar div.menuOpen, .TitleBar a.menuOpen { + background-color: #CCC; +} +.TitleBar h2 em { + font-style:normal; +} +.TitleBar .splPipe { + font-size:12px; +} + +/*** Results header ***/ +h2 .timeRangeStr { + font-weight: normal; +} + + +/*** Message ***/ +.Message ol { + font-size: 0px; + line-height: 1; +} +.Message ol li { + font-size: 11px; + line-height: 16px; + padding: 6px 10px; +} + +/*** Paginator ***/ + +.Paginator a, .Paginator .disabled:hover { + border-style: solid; + border-width: 1px; + border-color: #fff; + -moz-border-radius: 3px; + -webkit-border-radius: 3px; + border-radius: 3px; + _border-width:0px; +} +.Paginator a:hover { + border-color: #ccc; + text-decoration:none; +} +.Paginator .active a, .Paginator .active a:hover { + background-color: #999; + -webkit-box-shadow: inset 1px 1px 1px 0px #333333; + -moz-box-shadow: inset 1px 1px 1px 0px #333333; + box-shadow: inset 1px 1px 1px 0px #333333; + color: #fff; + border-color: #fff; +} +.Paginator 
.previous, .Paginator .next { + color:#999; +} + + +/*** Prototypes ***/ + +/* SimpleEventsViewer */ + +.SimpleEventsViewer { + background-color:#fff; +} +.SimpleEventsViewer span.searchTermHighlight { + background-color:#f5e998; +} +.SimpleEventsViewer .eventFields { + color: LightSlateGrey; +} +.SimpleEventsViewer .eventFields .value { + color: #000; +} + +/*** Results ***/ + +/* EventsViewer */ + +.EventsViewer, .SimpleResultsTableResults { +} + +.EventsViewerScroller { + border-top-style: solid; + border-top-width: 1px; +} +.EventsViewer .header { + font-weight:normal; + font-size:11px; + color:#333; +} +.EventsViewer .header em { + font-weight:bold; + font-style:normal; +} + +.EventsViewer .tb { + border:1px solid red; +} +.EventsViewer .tb h2 { + font-size:11px; + font-weight:bold; +} +.EventsViewer .tb h3 { + font-size:10px; + font-weight:bold; +} +.EventsViewer .tb td:first-child { + color:#666; +} +.EventsViewer .default .pos { + font-style:normal; + font-size:11px; + color:#bbb; +} +.EventsViewer .default .time { + font-style:normal; + font-size:11px; + color:#666; +} +.EventsViewer .default .audit { + font-style:normal; + display:block; + padding:2px 0px 4px 20px; + color:#666; +} +/* BEGIN NOTICE: decoration_audit_ class names currently have no indirection, do not change! */ +.EventsViewer .default .decoration_audit_valid { + background:url(/static/img/skins/default/audit_valid.gif) no-repeat; +} +.EventsViewer .default .decoration_audit_gap { + background:url(/static/img/skins/default/audit_gap.gif) no-repeat; +} +.EventsViewer .default .decoration_audit_tampered { + background:url(/static/img/skins/default/audit_tampered.gif) no-repeat; +} +.EventsViewer .default .decoration_audit_cantvalidate { + background:url(/static/img/skins/default/audit_cantvalidate.gif) no-repeat; +} +/* END NOTICE: decoration_audit_ class names currently have no indirection, do not change! 
*/ +.EventsViewer .default .event { + font-family:Consolas, Monaco, Courier New, monospace; + font-size: 12px; + color:#333; +} +.EventsViewer .default .a, .EventsViewer .default .h, .EventsViewer .default .fields .v:hover, .EventsViewer .default .fields .tg:hover, .EventsViewer .default .time:hover { + background-color:#f5e998; +} +.EventsViewer .default .showinline { + color:#4D9BB3; +} +.EventsViewer .default .fields li { + color:#778899; +} +.EventsViewer .default .fields em { + font-style:normal; +} +.EventsViewer .default .fields .k { + color:#999; +} +.EventsViewer .default .fields .v { + color:#333; +} +.EventsViewer .default .fields .tg { + color:#999; + font-style:italic; +} +.EventsViewer .default .fields .fm { + background: url(/static/img/skins/default/splIcons.gif) no-repeat -67px -364px; + color:#FFF; +} +.actions .splButtonIcon { + background-position: 0 -280px; +} + + +.results-table-help { + font-size: 12px; +} + +/* BEGIN: tag field popup styles */ +.tagfieldpopup { + background:#FFF; +} +.tagfieldpopup input { + font-size:11px; + color:#333; +} + + + +/* FancyChartTypeFormatter */ +.FancyChartTypeFormatter .chartTypeTitle { + font-size: 12px; +} +.FancyChartTypeFormatter .chartTypeActivator { + border-style: solid; + border-width: 1px; + background: url(/static/img/skins/default/overlay_gradient_28.png) repeat-x 0 0; +} +.FancyChartTypeFormatter .chartTypeActivator span { + background: url(/static/img/skins/default/arrows.gif) no-repeat 0 0 ; +} +.FancyChartTypeFormatter .chartTypeMenu ul { + background-color:#FFF; + border-style: solid; + border-width: 1px; +} +.FancyChartTypeFormatter .chartTypeMenu li:hover { + background-color: #f3ecbb; +} +.FancyChartTypeFormatter .chartTypeActivator a, +.FancyChartTypeFormatter .chartTypeMenu li a { + color:#333; + text-decoration:none; + font-size:12px; + background-image:url(/static/img/skins/default/chart_type_icons.gif); + background-repeat:no-repeat; + background-position: 5px -45px; +} 
+.FancyChartTypeFormatter .chartTypeMenu li.column a, +.FancyChartTypeFormatter .chartTypeActivator a.column { + background-position: 5px 3px; +} +.FancyChartTypeFormatter .chartTypeMenu li.line a, +.FancyChartTypeFormatter .chartTypeActivator a.line { + background-position: 5px -45px; +} +.FancyChartTypeFormatter .chartTypeMenu li.area a, +.FancyChartTypeFormatter .chartTypeActivator a.area { + background-position: 5px -94px; +} +.FancyChartTypeFormatter .chartTypeMenu li.bar a, +.FancyChartTypeFormatter .chartTypeActivator a.bar { + background-position: 5px -144px; +} + +/* Timeline */ +/* + background-color -> controls bgcolor + border-left-color -> controls foregroundColor + color -> controls fontColor + border-right-color -> controls seriesColor +*/ + + +/********************************** +Timeline and charts +***********************************/ + +div.FlashTimeline, +div.FlashTimeline .splHeader { + background-color: #fff; + + /* Color of the chart lines */ + border-left-color: #000; + + /* Color of the columns */ + border-right-color: #73a550; + + color: #000; +} + +div.FlashTimeline a.splIconicLinkDisabled { + color: #999; +} + +div.FlashTimeline .splHeader { +/* background-image: none;*/ + border-top-width: 0; +} + + +div.FlashTimeline a.hideshow .splIconicLinkIcon { + background-position: -26px -400px; +} + +div.FlashTimeline .minimized a.hideshow .splIconicLinkIcon { + background-position: -26px -420px; +} + + +.TimelineContainer, +.FlashWrapperContainer { + padding-bottom: 7px; + _padding-bottom:0; +} + +.FlashTimeline .zoomIn .splIconicLinkIcon { + background-position: -26px -480px; +} + +.FlashTimeline .zoomOut .splIconicLinkIcon { + background-position: -26px -500px; +} + +.FlashTimeline .selectAll .splIconicLinkIcon { + background-position: -26px -520px; +} +.FlashTimeline .splIconicLinkDisabled.zoomIn .splIconicLinkIcon { + background-position: -13px -480px; +} + +.FlashTimeline .splIconicLinkDisabled.zoomOut .splIconicLinkIcon { + 
background-position: -13px -500px; +} + +.FlashTimeline .splIconicLinkDisabled.selectAll .splIconicLinkIcon { + background-position: -13px -520px; +} + + + +/* FlashChart */ +/* + background-color -> controls bgcolor + border-left-color -> controls foregroundColor + color -> controls fontColor +*/ +div.FlashChart { + background-color: #fff; + border-left-color: #000; + color: #000; +} + +/* JSChart: + * + * JSChart will adopt the same styles as FlashChart, this allows backwards compatibility with any styling + * applied to FlashChart in an application.css file + */ + +/* MultiFieldViewer + SuggestedFieldViewer */ +.MultiFieldViewer .fieldTabs .mouseoverHighlight, +.MultiFieldViewer .fieldTabs .selected, +.SuggestedFieldViewer .fieldTabs .mouseoverHighlight, +.SuggestedFieldViewer .fieldTabs .selected { + background-color:#C2D4DA; +} + +.MultiFieldViewer .fieldTabs .mouseoverHighlight a, +.SuggestedFieldViewer .fieldTabs .mouseoverHighlight a { + background-image: url(/static/img/skins/default/graph_icon.png); + background-repeat: no-repeat; + background-position: right 3px; +} + +.MultiFieldViewer .valueCount, +.SuggestedFieldViewer .valueCount { + color: #999; +} + +.MultiFieldViewer .iconNumeric, +.SuggestedFieldViewer .iconNumeric, +.MultiFieldViewer .iconString, +.SuggestedFieldViewer .iconString { + font-family: "Times New Roman", Georgia, Times, serif; + color: #999; + font-style: italic; + font-weight: bold; + font-size: 13px; + line-height: 12px; +} + +/* Count */ +.Count label, .Count select { + font-size: 11px; +} + +.pageControls .Count .perPageLabel{ + color: #333; +} + +/* EnablePreview */ +.pageControls .EnablePreview label { + font-size:11px; +} + +/* ResultsActionsButtons */ +.ResultsActionButtons { + background-color: #EDEDE7; +} + +/* SimpleResultsTable */ +table.simpleResultsTable td.pos, +table.simpleResultsTable th.pos { + color: #bbb; + border: none; +} +table.simpleResultsTable td.lowValue { + border: 1px solid blue; +} 
+table.simpleResultsTable td.highValue { + border: 1px solid red; +} + +/* SingleValue */ +.SingleValueHolder { + background-color: #ccc; + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; + font-size: 16px; + font-weight: bold; + -moz-box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.25); + -webkit-box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.25); + box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.25); + background-image:url(/static/img/skins/default/overlay_gradient_50.png); + background-repeat: repeat-x; + _background-image: none; + +} +.SingleValue .severe { + background-color: #bb2121; + color: #fff; +} +.SingleValue .high { + background-color: #e67918; + color: #fff; +} +.SingleValue .elevated { + background-color: #e9da34; + color: #000; +} +.SingleValue .guarded { + background-color: #4da6df; + color: #fff; +} +.SingleValue .low { + background-color: #72c72d; + color: #fff; +} +.SingleValue .None { + background-color: #999; + color: #fff; +} + +/*** Search ***/ + +/* Field Picker */ + +.FieldPickerPopup .fpUpdateFields, .FieldPickerPopup .fpUpdateFieldsUpdate { + color: #E5F2F5; +} +.FieldPickerPopup li.fpSelFieldsNotPresent { + color:#999; +} +.FieldPickerPopup .fpAddTermCell span.splIcon-arrow-e { + background-color: #73a550; +} +.FieldPickerPopup li.fpSelFieldsNotPresent span { + background-color: #CCC; +} +.FieldPickerPopup .fpFilterFields label { + font-weight: bold; + font-size: 11px; +} +.FieldPickerPopup .fpFieldListContainerOuter { + _background: url(/static/img/skins/default/field_list_header.png) repeat-x 0 0; +} +.FieldPickerPopup .fpFieldListContainerOuter thead tr { + background-position: left -5px; +} +.FieldPickerPopup .fpFieldListContainerOuter th span { + background-color: transparent; + background-position: -67px -441px; +} +.FieldPickerPopup .fpFieldListContainerOuter +.headerSortUp span { + background-position: -67px -379px; +} +.FieldPickerPopup .fpFieldListContainerOuter th.headerSortDown span { + background-position: -67px 
-360px; +} +.FieldPickerPopup .fpFieldList tr.fieldSelected td.fpFieldTerm { + color:#999; +} +.FieldPickerPopup .fpFieldList tr.fieldSelected td.fpAddTermCell span { + background-color: #CCC; +} + +.fpFieldList .splHeader { + background-image: url(/static/img/skins/default/overlay_gradient_28.png); + _background-image: none; +} + + + +/* adding this class on hover via jquery, handles row highlighting and graph icon */ +.FieldPickerPopup .fpFieldList tbody tr:hover, .FieldPickerPopup .fpFieldList tbody tr.mouseoverHighlight { + background-color: #f5e998; +} +.FieldPickerPopup .fpFieldList tbody tr:hover .fpFieldListSecond a, +.FieldPickerPopup .fpFieldList tbody tr.mouseoverHighlight .fpFieldListSecond a { + background: url(/static/img/skins/default/graph_icon.png) no-repeat center right; +} + + + + +/*** SearchBar for DEFAULT.CSSS ***/ + +table .SearchBar .searchFieldWrapper { +} + +table.mainSearchControlsTable .SearchBar .searchFieldWrapper { + border: 1px solid #5e8d3d; + background-color: #5e8d3d; + + + border-right-width: 0; + -moz-border-radius-topright: 0; + -moz-border-radius-bottomright: 0; + -webkit-border-top-right-radius: 0; + -webkit-border-bottom-right-radius: 0; + border-bottom-right-radius: 0; + border-top-right-radius: 0; + border-bottom-right-radius: 0; + background: #73a550 url(/static/img/skins/default/search_bar.png); + _background: #73a550; + _background-image: none; +} + +.SearchBar .searchFieldWrapperInner { + border-color: #a0c288; +} + +.SearchBar label { + color: #bbb; +} + +.SearchBar .assistantActivator { + background-color:#689549; + background-image: url(/static/img/skins/default/overlay_gradient_28.png); + _background-image: none; + background-repeat: repeat-x; +} +.SearchBar .assistantEnabled span.assistantAutoOpener { + color: #fff; +} +.SearchBar .assistantEnabled span.saHandle { + background:transparent url(/static/img/skins/default/bg_resizer_white.png) center no-repeat; + _background:transparent 
url(/static/img/skins/default/bg_resizer_white.gif) center no-repeat; +} +.SearchBar h4 { + color: #73A550; +} +.sakeywordCount{ + background-color: #fff; + color: #333; +} +.saKeywordSelected { + background-color: #f5e998; +} +.saKeywordSelected .sakeywordCount{ + background-color: #f5e998; +} + +.sakeyword:hover { + background-color: #EDEDE7; +} +.sakeyword:hover .sakeywordCount{ + background-color: #EDEDE7; +} +.splSearchControls-inline { + background-repeat: repeat-x; + background-position: bottom; + _background-image: none; +} +.SearchBar .assistantWrapperEnabled { + -webkit-box-shadow: 2px 2px 3px 0px rgba(0, 0, 0, 0.4); + -moz-box-shadow: 2px 2px 3px 0px rgba(0, 0, 0, 0.4); + box-shadow: 2px 2px 3px 0px rgba(0, 0, 0, 0.4); + border-top:1px solid #A0C288 ; +} + +.SearchBar .assistantInner { + background: #edede7 url(/static/img/skins/default/bg_search_assistant.png) left top repeat-y; + zoom:1; +} +.SearchBar .assistantInnerHelpOnly { + background-color: #edede7; + background-image: none; +} + + +.SearchBar .assTab .splIcon { + background-position: 0 -582px; + background-color: transparent; +} +.SearchBar .assistantWrapperEnabled .assTab .splIcon { + background-position: 0 -562px; +} + + +.SearchBar .saHelpWrapper { + border-left-color: #fff; +} +.SearchBar .sakeyword em { + font-style: normal; + font-weight: bold; + color: #046a89; +} +.SearchBar .saNotice { + background-color: #f5e998; + border-color: #CCC !important; +} +.SearchBar .error { + background-color: #f5e998; + border-color: #CCC !important; + color: #900; + background-image: none; +} + +.introstep { + color: #333; +} +.intro code { + color: #73A550; +} +.SearchBar .intro ul li{ + list-style-type: disc; +} + +.splView-flashtimeline .JobStatus { + background: #EDEDE7 url('/static/img/skins/default/overlay_bottomgradient_32.png') repeat-x bottom left; + _background-image: none; + border-bottom-color: #a4a4a4; +} + + +.splView-flashtimeline .ChartTypeFormatter { + border-bottom: 1px solid #ccc; +} + 
+.splView-flashtimeline .ShowHideHeader div.secondary h2 { + font-size: 12px; +} +.splView-flashtimeline .ShowHideHeader { + border-top-width: 2px; +} + + +div.splSearchFormatChart-tabs ul li.selected .linkSwitcherSelectedIcon { + background: transparent url(/static/img/skins/default/splIcons.gif) -68px -346px no-repeat; +} + +/* TimeRangePicker */ +.TimeRangePicker .timeRangeActivatorWrapper { + background-image: url(/static/img/skins/default/overlay_topgradient_white.png); + background-repeat: repeat-x; + background-color:#d5d5d1; + _background-image:url(/static/img/skins/default/backgrounds_ie6.gif); + -moz-border-radius: 5px; + -webkit-border-radius: 5px; + border-radius: 5px; +} + + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivator { + padding-top: 3px; +} + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper { + border: 1px solid #5e8d3d; + border-left-width: 0; + -moz-border-radius: 0; + -webkit-border-radius: 0; + border-radius: 0; + + color: #fff; + + background: #659c40 url(/static/img/skins/default/search_bar.png); + _background-image: url('/static/img/skins/default/green_search_button.png'); + _background-repeat: no-repeat; + _background-position: 0px -74px; + + font-size: 12px; + height: 26px; +} + +/* IE6 & 7 FIX*/ +.mainSearchControlsTable .timeRangeActivatorWrapper{*position:relative;} +.mainSearchControlsTable .dropDown +{ + *position:absolute; + *top:0px; + *right:10px; +} +/*IE7 double input border*/ +*+html .mainSearchControlsTable .SubmitButton fieldset{border:1px solid #5E8D3D ;} +*+html .mainSearchControlsTable .SubmitButton input { + border:0; + height: 26px; + width: 42px; +} +/*IE7 min width */ +*+html .mainSearchControlsTable .timeRangeActivator { + min-width:100px; + width:expression(this.currentStyle.getAttribute('minWidth')); +} + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper:hover, +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper:focus { + 
background-color: #4e7830; + text-decoration: none; +} + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper .dropDown { + background-position: -27px -367px; + margin-top: 11px; +} + + +.trpCustomDateTime .rangeType { + border-bottom: 1px solid #CCC; +} +.trpCustomDateTime input.disabled { + background-color: #DDD; + border-color:#DDD; + color:#666; +} +.trpCustomDateTime .earliestDateTime, +.trpCustomDateTime .latestDateTime { + border: 1px solid #ccc; +} +.trpCustomDateTime .dateTimeDisabled { + background-color: #f4f4f1; + border-color:#f4f4f1; + color:#666; +} +.trpCustomDateTime .dateTimeDisabled input { + background:transparent; +} +.trpCustomDateTime input.customDate { + border: none; + background: transparent; +} +.trpCustomDateTime div.outputString { + background-color: #f4f4f1; + border: 1px solid #f4f4f1; + color:#333; +} + + +/*** Report builder ***/ + +.report_builder_format_report .viewHeader { + border: 0; +} + +.report_builder_format_report .JobStatus { + border: 0; +} +.ShowHideHeader { + border-top-width: 1px; + border-top-style: solid; +} + +/*** Advanced charting ***/ + +.splView-charting .ResultsHeader .splHeader-primary { + background-image: none; +} + +/*** Switchers ***/ + +/* ButtonSwitcher */ +.ButtonSwitcher ul li.selected .splIcon-events-list { + background-position: 0 -740px; +} +.ButtonSwitcher ul li.selected .splIcon-events-table { + background-position: 0 -760px; +} +.ButtonSwitcher ul li.selected .splIcon-results-table { + background-position: 0 -780px; +} +.ButtonSwitcher ul li.selected .splIcon-results-chart { + background-position: 0 -800px; +} +.ButtonSwitcher ul li.disabled .splIcon-events-list { + background-position: -13px -740px; +} +.ButtonSwitcher ul li.disabled .splIcon-events-table { + background-position: -13px -760px; +} +.ButtonSwitcher ul li.disabled .splIcon-results-table { + background-position: -13px -780px; +} +.ButtonSwitcher ul li.disabled .splIcon-results-chart { + background-position: 
-13px -800px; +} +.ButtonSwitcher ul li.disabled a * { + cursur:default; +} + + +.ButtonSwitcher ul li { + border-color: #fff; + -moz-border-radius: 3px; + -webkit-border-radius: 3px; + border-radius: 3px; +} + +.ButtonSwitcher ul li.selected, .ButtonSwitcher ul li.selected:hover { + background-color: #999; + -webkit-box-shadow: inset 1px 1px 1px 0px #333333; + -moz-box-shadow: inset 1px 1px 1px 0px #333333; + box-shadow: inset 1px 1px 1px 0px #333333; +} + +/* Link Switcher */ +.LinkSwitcher a { + font-size: 12px; +} +.LinkSwitcher ul li.selected a { + color:#333; + font-weight: bold; + text-decoration:none; +} + +/* ShowHideHeader */ +.ShowHideHeader div.secondary { + background-image: none; +} +.ShowHideHeader h2 span.splIcon-triangle { + background-position: -67px -367px; +} +.ShowHideHeader div.secondary h2 { + font-size: 11px; + font-weight: normal; +} +.ShowHideHeader div.secondary h2 span.splIcon-triangle { + background-position: -87px -367px; +} +.ShowHideHeader div.secondary h2:hover { + text-decoration:underline; +} +.ShowHideHeader h2.closed span.splIcon-triangle { + background-position: -67px -407px; +} +.ShowHideHeader div.secondary h2.closed span.splIcon-triangle { + background-position: -87px -407px ; +} + +/* TabSwitcher */ +.TabSwitcher { + background-color: #bdbdb7; +} +.TabSwitcher ul li { + background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 -68px; +} +.TabSwitcher ul li a { + font-size: 12px; + background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -102px; + color: #FFF; +} +.TabSwitcher ul li.selected { + background-color: #FFF; + background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 0; +} +.TabSwitcher ul li.selected a { + color: #333; + background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -34px; +} + +/* progress bar */ + +.JobProgressIndicator .splBarGraph { + 
background-image:url(/static/img/skins/default/overlay_innershadow_4.png); + _background-image: none; +} + +.JobProgressIndicator .splBarGraphBar { + background-image:url(/static/img/skins/default/overlay_gradient_4.png); + _background-image: none; +} + + + +/********************************** +Interactive Field Extractor +***********************************/ +.ifxHelpColumn { + background-color:#E5F2F5; +} + +.ifxHelpColumn h4 { + color:#111 +} + + +/********************************** +hacks +***********************************/ + +/* safari focus outline */ +/* +*:focus {outline: 0;} +*/ + diff --git a/apps/eventid/bin/ev_process_proc.py b/apps/eventid/bin/ev_process_proc.py new file mode 100755 index 00000000..3f5eccf2 --- /dev/null +++ b/apps/eventid/bin/ev_process_proc.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +import csv +import sys +import re + + +# arp.exe,Target Discovery,Obtains information about hosts on the local broadcast domain +# New_Process_Name = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe +# C:\Windows\System32\wbem\WmiPrvSE.exe + +def process_interesting(full_path_process): + try: + process_path_elements = full_path_process.split("\\") + process = process_path_elements[len(process_path_elements)-1] + return process + except: + return full_path_process + +def main(): + if len(sys.argv) != 3: + print "Usage: python ev_process_proc.py [full_path_process] [process]" + print sys.argv[1] + print len(sys.argv) + sys.exit(1) + + full_path_process = sys.argv[1] + process = sys.argv[2] + + infile = sys.stdin + outfile = sys.stdout + + r = csv.DictReader(infile) + header = r.fieldnames + + w = csv.DictWriter(outfile, fieldnames=r.fieldnames) + w.writeheader() + + for result in r: + if result[full_path_process]: + result[process] = process_interesting(result[full_path_process]) + if result[process]: + w.writerow(result) + +main() 
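Review bot: `cursur:default;` in the `.ButtonSwitcher ul li.disabled a *` rule of the stylesheet hunk that ends just before `apps/eventid/bin/ev_process_proc.py` is a misspelling of `cursor`, so browsers discard the declaration and disabled switcher buttons keep whatever cursor they inherit; change it to `cursor:default;`. Two smaller points in the same hunk: the comment `/* primary menu hover styles */` above `.splMenu-secondary li:hover` should read "secondary", and `border-bottom-right-radius: 0;` is declared twice in the `table.mainSearchControlsTable .SearchBar .searchFieldWrapper` rule.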
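Review bot: In `main()` of `ev_process_proc.py` the usage branch runs `print sys.argv[1]` whenever `len(sys.argv) != 3`, so calling the script with no arguments raises IndexError before `sys.exit(1)` is reached; drop that line and the `print len(sys.argv)` debug output, and send the usage text to stderr so it cannot land in the CSV stream written to stdout. In `process_interesting()` the bare `except:` swallows every failure and returns the full path as if it were a process name; `full_path_process.split("\\")[-1]` does not need a try block for a string input, and if a guard is wanted it should catch a named exception. The basename is returned in its original case and only the backslash is treated as a separator, so whether `ARP.EXE` matches the `arp.exe` entry shown in the header comment depends on how the lookup is configured; lower-casing the result here would remove that dependency. In the loop, `if result[process]:` raises KeyError when the column named by `sys.argv[2]` is absent from the input header, and rows with both fields empty are dropped without notice; a comment stating that this is intended would help. `import re` and the `header` variable are unused, and the `print` statements make the script Python 2 only.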
diff --git a/apps/eventid/bin/ev_process_xml_parameters.py b/apps/eventid/bin/ev_process_xml_parameters.py new file mode 100755 index 00000000..b6ec9a79 --- /dev/null +++ b/apps/eventid/bin/ev_process_xml_parameters.py @@ -0,0 +1,48 @@ +#!/usr/bin/env python + +import csv +import sys +import re +import xml.etree.ElementTree as ET + +# Windows Modules InstallerstoppedWelcome to the EventID.Net Windows Event Logs app!
+ +The Windows Event Log App assumes that Splunk is collecting information from Windows servers and workstation via one of the following methods: +
All these methods will collect the events and either collect them in the "wineventlog" Splunk index or record them in the default index with source the source set as "*WinEventLog*" (notice the wildcards). The app analyzes the entries matching these criteria (index="wineventlog" OR source=*WinEventLog*). This matches the defaults used by the Universal Forwarder, the collection of local Windows event logs and the collection via WMI.
+ +In order to create the proper indexes, we recommend the installation of the Splunk Add-on for Microsoft Windows app.
+ +To collect the logs from remote computers without installing the Universal Forwarded on each computer, configure the forwarding of event logs to central location using the Windows built-in event forwarding. See Configure Computers to Forward and Collect Events for details on how to configure a computer as a collector of logs.
+ + +If no data is displayed, please verify that the Universal Forwarder is installed properly and that the all the Windows event logs are sent to the "wineventlog" index (or the WinEventLog* sources).
+ +If the data is stored in a different index, the user can update the macros.conf [event_sources] section by using the application setup.
+ +The Interesting Processes section from the Processes dashboard is partially based on a presentation by Michael Gough from www.malwarearchaeology.com: "The Top 10 Windows Event ID's Used To Catch Hackers In The Act". See for the presentation slides and information on how to enable the auditing of processes, including command-line based ones. The list of "interesting processes" is based on a study by JPCERT CC (Japan Computer Emergency Response Team Coordination Center) on detecting lateral movement through tracking of event logs. The list is stored in C:\Program Files\Splunk\etc\apps\eventid\lookups\interesting_processes.csv and it can be adjusted with a text editor if needed. For full functionality the audit of the command line arguments has to be enabled as described in Command Line Process Auditing
+ +The XML dashboard is design to report Windows events rendered from the XML by using the renderXML stanza. The renderXML option reduced the volume of data to about 25% of the regular events, however some details such as the full description of the event are no longer recorded. See Feature Overview: XML Event Logs for more details.
+ +Each of the dashboard can be set as an alarm (i.e. notifications when a certain number of failed logins are recorded, when certain processes are executed, etc).
+ +Send any suggestions and questions to support@altairtech.ca. We can also provide advice in setting up the Splunk receiver for the Universal Forwarder.
+ +We publish the most current version of EventID.Net Windows Event Logs Splunk app on www.eventid.net. Splunk may takes weeks or months to certify a new version.
+ + +
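Review bot: The lookup location in the Interesting Processes paragraph is hard-coded as `C:\Program Files\Splunk\etc\apps\eventid\lookups\interesting_processes.csv`, which is only correct for a default Windows install of Splunk; give it relative to the Splunk installation directory (`$SPLUNK_HOME/etc/apps/eventid/lookups/interesting_processes.csv`) so that readers on other platforms or custom install paths edit the right file. The same paragraph ends "as described in Command Line Process Auditing" without a closing period, and "See for the presentation slides" has lost the reference it points to, so check that the link is present in the source file. Wording slips to fix before release: "Universal Forwarded" should be "Universal Forwarder", "with source the source set as" repeats "the source", "that the all the Windows event logs" has an extra "the", "is design to" should be "is designed to", "The renderXML option reduced" should be "reduces", "Each of the dashboard" should be "Each of the dashboards", and "may takes weeks" should be "may take weeks". The renderXML paragraph states that the full event description is no longer recorded; it would help to say which dashboards depend on that description so that an operator knows what is lost before enabling it.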