From 4d62cd1c3e6d1ac698451d06c43b4540408ba836 Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Fri, 19 Jun 2026 07:42:59 +0000 Subject: [PATCH] Add Buttercup Operations Dashboard for SA-S4R workshop Ship a Dashboard Studio view with five team panels (IT Ops, DevOps, Business Analytics, Security & Fraud) using canonical SPL from the S4R catalog. Default time range is the last hour with one-minute refresh. Also add platform field extraction for DevOps panels, nav entry, view ACL metadata, and an MCP validation script (make validate-s4r-dashboard). Co-authored-by: D. Dessy (Splunk) --- Makefile | 3 + SA-S4R/default/data/ui/nav/default.xml | 3 +- .../views/buttercup_operations_dashboard.xml | 303 ++++++++++++++++++ SA-S4R/default/props.conf | 1 + SA-S4R/metadata/default.meta | 4 + docs/S4R-DASHBOARD.md | 1 + scripts/validate-s4r-dashboard-queries.sh | 87 +++++ 7 files changed, 401 insertions(+), 1 deletion(-) create mode 100644 SA-S4R/default/data/ui/views/buttercup_operations_dashboard.xml create mode 100755 scripts/validate-s4r-dashboard-queries.sh diff --git a/Makefile b/Makefile index d4b0487..e3d30fb 100644 --- a/Makefile +++ b/Makefile @@ -106,6 +106,9 @@ verify: ## Stack status then Splunk MCP client verify @$(MAKE) status @$(MAKE) verify-mcp-remote +validate-s4r-dashboard: ## Validate Buttercup dashboard panel SPL via Splunk MCP + @./scripts/validate-s4r-dashboard-queries.sh + s4r-attack-nk-enable: ## Enable NK purchase-attack Eventgen stanza (then: make restart) @./scripts/toggle-s4r-attack-nk.sh enable diff --git a/SA-S4R/default/data/ui/nav/default.xml b/SA-S4R/default/data/ui/nav/default.xml index 2d955a3..16ef079 100644 --- a/SA-S4R/default/data/ui/nav/default.xml +++ b/SA-S4R/default/data/ui/nav/default.xml @@ -1,6 +1,7 @@ -