Advanced Dashboard XML Validator & SPL Analyzer for Splunk
Validate, analyze, and optimize your Splunk dashboards—entirely in your browser or directly in Splunk
🌐 Web App · 📦 Splunk Add-on · Report Bug · Request Feature
Note: This is a community-maintained, non-official tool. It is not affiliated with Splunk.
- Overview
- Splunk Add-on
- Features
- Quick Start
- Installation
- Usage Guide
- Validation Rules
- SPL Analysis
- Export Options
- Architecture
- Contributing
- Roadmap
- FAQ
- License
SplunkLint is a comprehensive, browser-based tool for validating and analyzing Splunk Dashboard XML. It provides real-time feedback, actionable recommendations, and deep SPL query analysis—all without sending your data anywhere.
| Challenge | Solution |
|---|---|
| 🐛 Catching XML errors | Validate syntax before deploying to production |
| 🐌 Slow dashboards | Identify performance bottlenecks in SPL queries |
| 📚 Learning best practices | Get contextual suggestions based on Splunk patterns |
| ⏱️ Deployment delays | Validate locally without Splunk access |
| 🔒 Data privacy concerns | Everything runs in your browser—zero data transmission |
Want even more features? Install the SplunkLint Add-on directly in your Splunk environment!
The Splunk Add-on provides 8 powerful tools that go far beyond what native Splunk offers:
| Tool | Description |
|---|---|
| 🔍 Validate | Full XML validation with security checks and deprecation warnings |
| 📊 Complexity Analyzer | Dashboard complexity scoring (A-F grade) with optimization recommendations |
| ⚡ SPL Optimizer | Query performance scoring (0-100) with automatic rewrite suggestions |
| 🔗 Token Flow Analyzer | Visualize token dependencies, detect orphan and unused tokens |
| 🔄 Dashboard Converter | Convert Simple XML to Dashboard Studio JSON format |
| ⚖️ Dashboard Diff | Side-by-side comparison of two dashboard versions |
| 📝 Docs Generator | Auto-generate documentation in Markdown, HTML, or Confluence Wiki |
| ♿ Accessibility Checker | WCAG 2.1 compliance audit with remediation guidance |
| Feature | Web App | Splunk Add-on |
|---|---|---|
| XML Validation | ✅ | ✅ |
| SPL Analysis | ✅ | ✅ |
| Export Reports | ✅ | ✅ |
| Complexity Scoring | ❌ | ✅ |
| SPL Optimizer | ❌ | ✅ |
| Token Flow Analysis | ❌ | ✅ |
| Dashboard Studio Converter | ❌ | ✅ |
| Dashboard Diff/Compare | ❌ | ✅ |
| Documentation Generator | ❌ | ✅ |
| Accessibility Audit | ❌ | ✅ |
| Works Offline | ✅ | ✅ (within Splunk) |
| No Installation | ✅ | Requires Splunk |
# Download from Splunkbase and install via CLI
splunk install app TA-splunklint.tgz
# Or copy to apps directory
cp -r TA-splunklint $SPLUNK_HOME/etc/apps/
splunk restart| Feature | Description |
|---|---|
| XML Syntax Validation | Detects parsing errors with precise line numbers |
| Structure Validation | Ensures proper <dashboard> and <form> structure |
| Element Validation | Validates panels, searches, visualizations, and drilldowns |
| Deprecation Warnings | Identifies outdated elements like <searchName>, <searchString> |
| Security Checks | Detects hardcoded credentials, API keys, and tokens |
| Check | Severity | Impact |
|---|---|---|
Leading wildcard (*term) |
🔴 High | Very slow searches across all data |
| No index specified | 🟡 Medium | Searches all indexes by default |
transaction command |
🔴 High | Resource-intensive; prefer stats |
join command |
🟡 Medium | Performance impact; consider alternatives |
| Subsearch usage | 🟡 Medium | Limited to 50,000 results |
| Multiple OR clauses | 🟡 Medium | Use IN operator or regex |
regex without index |
🔴 High | Must specify index first |
Complex eval with case() |
🔵 Low | Consider lookup tables |
- ✨ XML Formatter — Auto-format and beautify XML with proper indentation
- 📋 Example Templates — Pre-loaded dashboard examples to learn from
- 📝 Line Numbers — Synchronized line numbers in the editor
- ⬇️ Export Options — Download reports in JSON, TXT, or HTML formats
- ⌨️ Keyboard Shortcuts —
Ctrl/Cmd + Enterfor instant validation - 📊 Statistics Dashboard — Real-time metrics on panels, searches, tokens
No installation required! SplunkLint runs entirely in your browser.
- Open → Visit splunklint.netlify.app or open
index.htmllocally - Paste → Copy your Splunk dashboard XML into the editor
- Validate → Press
Ctrl/Cmd + Enteror click "Validate XML" - Review → Check errors, warnings, and suggestions
- Analyze → Click "Analyze SPL" for deep query insights
Visit splunklint.netlify.app — no download needed.
# Clone the repository
git clone https://github.com/sarat1kyan/splunklint.git
cd splunklint
# Open in your default browser
# macOS
open index.html
# Windows
start index.html
# Linux
xdg-open index.html┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Paste/Load XML │ ──▶ │ Validate XML │ ──▶ │ Review Results │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│
▼
┌─────────────────┐ ┌─────────────────┐
│ Export Report │ ◀── │ Analyze SPL │
└─────────────────┘ └─────────────────┘
Click 📋 Load Example dropdown to choose from:
| Example | Description |
|---|---|
| Simple Dashboard | Basic dashboard with single value and table |
| Advanced Dashboard | Dashboard with charts, tokens, and drilldowns |
| Form Dashboard | Interactive form with multiple input types |
| Common Errors | Dashboard with intentional errors for testing |
Click ✨ Format XML to automatically:
- Add proper indentation
- Normalize whitespace
- Structure nested elements
Click 📊 Export Report and choose your format:
| Format | Use Case |
|---|---|
| JSON | CI/CD integration, automated processing |
| Text | Documentation, code reviews |
| HTML | Sharing with stakeholders, visual reports |
These issues will prevent your dashboard from working correctly:
| Rule | Example | Fix |
|---|---|---|
| Invalid XML syntax | Unclosed tags, invalid characters | Check XML structure |
| Missing root element | No <dashboard> or <form> |
Add proper root element |
| Empty panel | Panel without visualization | Add <chart>, <table>, etc. |
| Empty query | <query></query> |
Add SPL query content |
| Security issues | Hardcoded password="secret" |
Remove credentials |
These won't break your dashboard but may cause issues:
| Rule | Impact | Recommendation |
|---|---|---|
Missing <label> |
Dashboard has no title in UI | Add descriptive label |
Missing <description> |
No context for users | Add description |
| No time bounds | Uses default time range | Specify <earliest> and <latest> |
| Deprecated elements | May break in future versions | Use modern alternatives |
| Missing panel titles | Poor user experience | Add <title> to panels |
| Aggressive refresh | High server load | Use 30s+ refresh intervals |
Suggestions for improvement:
| Suggestion | Benefit |
|---|---|
| Add panel IDs | Enable drilldown capabilities |
| Use submit button | Better form control |
| Limit panel count | Improved load performance |
SplunkLint performs deep analysis of your Search Processing Language queries to identify performance issues and suggest optimizations.
Each query receives a performance rating:
| Rating | Indicator | Meaning |
|---|---|---|
| 🟢 GOOD | Green badge | Optimized query following best practices |
| 🟡 FAIR | Yellow badge | Minor issues that could be improved |
| 🔴 POOR | Red badge | Significant performance problems |
# ❌ AVOID: Leading wildcard
* error | stats count
# ✅ BETTER: Specify index and be specific
index=main error | stats count
# ❌ AVOID: transaction (resource intensive)
index=main | transaction sessionId
# ✅ BETTER: Use stats with by clause
index=main | stats values(*) by sessionId
# ❌ AVOID: Multiple OR clauses
index=main (host=web01 OR host=web02 OR host=web03 ...)
# ✅ BETTER: Use IN operator
index=main host IN (web01, web02, web03)
Perfect for CI/CD pipelines and automated validation:
{
"valid": true,
"errors": [],
"warnings": [
{
"type": "warning",
"title": "Missing Description",
"message": "Consider adding a <description> element",
"suggestion": "Add <description>Dashboard purpose and context</description>"
}
],
"stats": {
"panels": 4,
"searches": 4,
"rows": 2,
"tokens": 2,
"drilldowns": 1
}
}Human-readable format for documentation:
========================================
SPLUNKLINT VALIDATION REPORT
========================================
Date: 1/8/2026, 10:30:00 AM
Status: VALID
STATISTICS:
- Panels: 4
- Searches: 4
- Rows: 2
- Errors: 0
- Warnings: 1
WARNINGS:
1. Missing Description
Consider adding a <description> element
Styled report with colors for sharing with stakeholders.
SplunkLint is designed with simplicity and privacy in mind:
┌──────────────────────────────────────────────────────────┐
│ index.html │
├──────────────────────────────────────────────────────────┤
│ ┌────────────────┐ ┌────────────────┐ │
│ │ HTML/CSS │ │ JavaScript │ │
│ │ UI Layer │ │ Validation │ │
│ └────────────────┘ └────────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌─────────────────────────────────────┐ │
│ │ Browser DOMParser API │ │
│ │ (XML Parsing Engine) │ │
│ └─────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────┘
│
▼
📦 Zero network requests
🔒 All data stays local
| Component | Technology |
|---|---|
| Markup | HTML5 |
| Styling | CSS3 with CSS Variables |
| Logic | Vanilla JavaScript (ES6+) |
| XML Parsing | Browser DOMParser API |
| Layout | CSS Grid & Flexbox |
| Fonts | JetBrains Mono, IBM Plex Sans |
splunklint/
├── index.html # Complete application (single file)
├── README.md # This documentation
└── LICENSE # MIT License
- Zero Dependencies — No npm, no build step, no frameworks
- Offline-First — Works without internet connection
- Privacy-Focused — No analytics, no data transmission
- Portable — Single HTML file, works anywhere
Contributions are welcome! Here's how you can help:
| Type | Description |
|---|---|
| 🐛 Bug Reports | Open an issue with reproduction steps |
| 💡 Feature Ideas | Share suggestions in discussions |
| 🔧 Pull Requests | Fork, branch, code, test, PR! |
| 📖 Documentation | Improve guides and examples |
| 🗣️ Feedback | Share how you use SplunkLint |
# Clone the repo
git clone https://github.com/sarat1kyan/splunklint.git
cd splunklint
# Open in your editor
code index.html
# Test in browser (with live reload if using VS Code Live Server)
open index.htmlFind the performValidation() function in index.html:
// Example: Add a check for deprecated attribute
if (rootElement.hasAttribute('version')) {
result.warnings.push({
type: 'warning',
title: 'Deprecated Attribute',
message: 'The "version" attribute on dashboard element is deprecated',
suggestion: 'Remove the version attribute'
});
}Find the analyzeSPL() function:
// Example: Check for inefficient command
if (query.toLowerCase().includes('| transaction')) {
queryAnalysis.issues.push({
severity: 'high',
message: 'transaction command can be resource-intensive',
suggestion: 'Consider using stats with by clause instead'
});
queryAnalysis.performance = 'poor';
}- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
These features are now available in the Splunk Add-on:
| Feature | Status | Description |
|---|---|---|
| Dashboard Comparison | ✅ Available | Diff two XML files side-by-side |
| Dashboard Converter | ✅ Available | Convert Simple XML to Dashboard Studio JSON |
| Complexity Analyzer | ✅ Available | A-F grading with optimization tips |
| SPL Optimizer | ✅ Available | Query rewrite suggestions |
| Token Flow Analyzer | ✅ Available | Visualize token dependencies |
| Documentation Generator | ✅ Available | Auto-generate docs (Markdown, HTML, Confluence) |
| Accessibility Checker | ✅ Available | WCAG 2.1 compliance audit |
| Feature | Status | Description |
|---|---|---|
| Dark/Light Theme Toggle | 🔜 Planned | Switch between color themes |
| Syntax Highlighting | 🔜 Planned | Colorize XML in the editor |
| Visual Preview | 🔜 Planned | Render dashboard structure visually |
| VS Code Extension | 🔜 Planned | Validate directly in your editor |
| GitHub Actions | 🔜 Planned | CI/CD integration for pipelines |
| Custom Rules | 🔜 Planned | User-defined validation rules |
| REST API Mode | 🔜 Planned | Programmatic access for automation |
Have an idea? Open an issue with the enhancement label!
Does SplunkLint send my XML anywhere?
No! Everything runs entirely in your browser. Your XML never leaves your computer. There are no network requests, no analytics, no tracking.
Can I use this offline?
Yes! Download the index.html file and open it locally. It works without any internet connection.
Does it work with Splunk Cloud?
Yes! SplunkLint validates standard Splunk Dashboard XML regardless of your deployment type (Splunk Cloud, Splunk Enterprise, or standalone).
Can I validate .spl files?
Currently, SplunkLint focuses on dashboard XML validation. SPL-only file validation is on the roadmap.
Is this an official Splunk tool?
No. SplunkLint is an independent, open-source project not affiliated with Splunk Inc.
What's the difference between the web app and the Splunk Add-on?
The web app is a lightweight, browser-based validator that requires no installation. The Splunk Add-on includes all web app features plus 7 additional tools: Complexity Analyzer, SPL Optimizer, Token Flow Analyzer, Dashboard Converter, Dashboard Diff, Documentation Generator, and Accessibility Checker. Install the add-on if you want the full toolkit directly in Splunk.
What browsers are supported?
SplunkLint works best in modern browsers:
- ✅ Chrome/Chromium (recommended)
- ✅ Firefox
- ✅ Edge
- ✅ Safari
⚠️ Internet Explorer (not supported)
Can I embed SplunkLint in my application?
Yes! Since it's a single HTML file with MIT license, you can embed or adapt it. Consider linking back to the project.
How do I report a bug?
Open an issue on GitHub with:
- Steps to reproduce
- Expected vs actual behavior
- Sample XML (sanitized of sensitive data)
- Browser and OS information
| Limitation | Workaround |
|---|---|
| Large XML files (>10MB) may be slow | Split into smaller files for validation |
| Complex regex patterns in SPL | Some patterns may not be analyzed correctly |
| Token replacement | Dynamic token values aren't evaluated |
| Advanced XML features | Focus is on Simple XML; some Advanced XML may need manual review |
SplunkLint is designed with security and privacy as core principles:
- 🌐 No Network Requests — All processing happens locally
- 📦 No External Dependencies — Single self-contained HTML file
- 🔍 No Tracking — No analytics, cookies, or telemetry
- 💾 No Storage — Nothing saved to disk or local storage
- 🛡️ Security Detection — Warns about hardcoded credentials in XML
This project is licensed under the MIT License — see the LICENSE file for details.
MIT License
Copyright (c) 2026 Mher Saratikyan
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- Inspired by the incredible Splunk community
- Built with insights from Splunk Documentation
- Typography by JetBrains Mono and IBM Plex
Mher Saratikyan
If SplunkLint helped you, please consider:
| Action | How It Helps |
|---|---|
| ⭐ Star this repo | Increases visibility |
| 🐛 Report bugs | Improves quality |
| 💡 Suggest features | Shapes the roadmap |
| 🔀 Contribute code | Adds new capabilities |
| 📢 Share with others | Grows the community |
Made with ❤️ by @sarat1kyan
Validate your Splunk dashboards with confidence
8 powerful tools including Complexity Analyzer, SPL Optimizer, Token Flow, and more!
⭐ Star this repo if you found it helpful!
