When you embed reports, Splunk software generates URLs that point to the reports in your Splunk deployment. These URLs normally can only be used on the search head on which they were generated. If you set a string value for the embedSecret parameter in server.conf all search heads in a search head pool can use the same URL.

You can set any string value for embedSecret. Think of it as a sort of password. The embedSecret parameter has no value by default.

When Splunk software embeds a report in an external web page, it makes several HTTP requests to various resources that in some cases may invoke the SSO authentication system. To get around this, update the embed_uri attribute in web.conf with an alternative URI IP address, host, or port prefix. This hardcodes the path so it always goes through an externally accessible IP address or host name.

By default embedded reports display a footer that includes the Splunk logo. You can optionally change this to a text string by modifying the embed_footer attribute in web.conf.

Although the default setting of embed_footer = splunk displays the Splunk logo as the footer, you cannot use this parameter to insert alternative icons or images.

You can optionally disable report embedding for all users of a particular Splunk Enterprise deployment. In server.conf, change the value of the allowEmbedTokenAuth parameter from true to false.

The saved searches endpoint adds the embed.enabled parameter to scheduled report stanzas in savedsearches.conf when you embed those reports. The embed.enabled parameter determines whether or not a given report is enabled for embedding. It is set to 1 if it is enabled.