@6d61726b760a
6d61726b760a / hec_examples.sh
Created September 30, 2024 03:05
splunk - hec curl examples
# - https://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHECIDXAck
# - https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector
# - https://docs.splunk.com/Documentation/Splunk/latest/Data/HECExamples
# NOTE: events sent to the RAW endpoint will land in the default index for the provided token
# event endpoint [ack disabled]
curl -k \
-H "Authorization: Splunk TH1S-IS-N0T-A-R3AL-T0K3N" \
https://splunk-heavyforwarder:8088/services/collector/event \
@6d61726b760a
6d61726b760a / README.md
Last active September 30, 2024 01:33
splunk - generate a list of HEC token strings from splunk cloud config

This SPL will generate a list of HEC token strings that you could copy pasta straight into an inputs.conf (although testing & validation is always wise).

Useful if you are trying to replicate Splunk Cloud HEC tokens to Heavy Forwarders.

Example output:

[<token title>]
description = <description, (if blank, title)>
disabled = 0
index = index_1
@6d61726b760a
6d61726b760a / splunk-hec-logger.py
Last active August 20, 2024 01:31
splunk event generation
import secrets
import datetime
import time
import requests
# send a random splunk string to a http event collector
# includes some fake app names and environments
# generates len(app_names) events every 10 seconds
requests.packages.urllib3.disable_warnings()
@6d61726b760a
6d61726b760a / screeps_tutorial_2024-06.md
Last active June 18, 2024 15:16
screeps tutorial 2024-06
@6d61726b760a
6d61726b760a / splunk_aws_hostname.ps1
Created January 10, 2024 01:02
quick script to customize the splunk hostname config for windows hosts
Set-PSDebug -Off
# splunk service details
$splunkService = "SplunkForwarder"
# path to splunk configs
$splunk_serverconf = 'C:\Program Files\SplunkUniversalForwarder\etc\system\local\server.conf'
$splunk_inputsconf = 'C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf'
# get current computername
@6d61726b760a
6d61726b760a / prometheus-hec.md
Created September 5, 2023 08:07
otel prometheus to splunk hec

scraping prometheus endpoints with otel

the otel collector is a reasonably nice way to scrape prometheus endpoints

it is obviously designed for use with splunk's olly cloud, but the otel collector supports output to splunk hec tokens as well.

I'm running multiple docker containers (to separate workloads).

first, create configs

#!/usr/bin/python3
# a quick and dirty dns test script
# checks to see if we can resolve a list of hosts
# writes to the hec endpoint on the localhost
# (expected to be run from hfw)
#
# cron: * * * * * /root/dnstest.py >/tmp/dnstest.out 2>&1
#
# [email protected]
#!/usr/bin/env bash
# set -euxo pipefail
# ----
#
# report ip address changes to slack channel
#
# this script detects and reports ip address changes
# to me via personal slack message.
#
abandoned
able
absolute
adorable
adventurous
academic
acceptable
acclaimed
accomplished
accurate
@6d61726b760a
6d61726b760a / .env
Created January 31, 2023 23:54
splunkcloud scripted dashboard generation
TZ="Australia/Brisbane"
SPLUNK_ENDPOINT="https://myendpoint.splunkcloud.com:8089"
SPLUNK_USERNAME="splunkusername"
SPLUNK_PASSWORD="splunkpassword"
SPLUNK_APP="splunkapp"