6d61726b760a · August 20, 2024 01:31
diff --git a/splunk-hec-logger.py b/splunk-hec-logger.py
 import secrets
 import datetime
 import time
 import requests

 # send a random splunk string to a http event collector
 # includes some fake app names and environments
 # generates len(app_names) events every 10 seconds

 requests.packages.urllib3.disable_warnings()

 splunkstrings = [
    "Splunk> 4TW",
    "Splunk> All batbelt. No tights.",
    "Splunk> Ask me Everything.",
    "Splunk> Australian for grep.",
    "Splunk> Be an IT superhero, Go home early.",
    "Splunk> Because Ninjas Are Too Busy.",
    "Splunk> Because you can't always blame Canada.",
    "Splunk> Can you SPL?",
    "Splunk> CENSORED",
    "Splunk> Cloud control.",
    "Splunk> Counter errorism.",
    "Splunk> Ctrl + F1 it.",
    "Splunk> CSI: Logfiles",
    "Splunk> data with destiny",
    "Splunk> Don't be a SOAR loser.",
    "Splunk> Drop your breaches.",
    "Splunk> Finding your faults, just like mom.",
    "Splunk> garbage in, pretty useful crap out.",
    "Splunk> I'm ESXi and I know it.",
    "Splunk> It's not a | line problem.",
    "Splunk> Join the in cloud.",
    "Splunk> Like an F-18, bro",
    "Splunk> Log cleanup on IL5",
    "Splunk> Log, I am your father.",
    "Splunk> Looking for trouble.",
    "Splunk> Machine watchable.",
    "Splunk> Map. Reduce. Recycle.",
    "Splunk> More brain, less surgery.",
    "Splunk> More JSON, less Freddy.",
    "Splunk> Needle. Haystack. Found.",
    "Splunk> Nobody puts data in corner.",
    "Splunk> Now with more code!",
    "Splunk> Observe ability.",
    "Splunk> Put ollie your data to work.",
    "Splunk> Put that in your | and Splunk it.",
    "Splunk> s/data/doing/gi",
    "Splunk> See the light before you tunnel.",
    "Splunk> See your world. Maybe wish you hadn't",
    "Splunk> Stop chasing your tail -f",
    "Splunk> Take the sh out of IT.",
    "Splunk> The Notorious B.I.G. D.A.T.A.",
    "Splunk> We don't need no stinking batches.",
    "Splunk> Weapon of a security warrior.",
    "Splunk> Winning the War on Error.",
    "Splunk> You bet your sweet SaaS",
    "Splunk> You came to the right trace.",
    "Splunk> You're just my sourcetype.",
    "Splunk> ERMAHGERD, SPLERNK!",
    "Splunk> All up in your business.",
    "Splunk> Bragging rights included.",
    "Splunk> Here To Save The Day.",
    "Splunk> Find your Achilles heel, before a Trojan does.",
    "Splunk> Log and load.",
    "Splunk> Log cleanup on IL5",
    "Splunk> Put ollie your data to work",
    "Splunk> Take the sh out of IT",
    "Splunk> You had me at resilience",
    "Splunk> Ready. AMI. Fire.",
    "Splunk> Be an IT superhero. Go home early.",
 ]

 app_names = [
    "moxie",
    "ember-x",
    "influx",
    "curator",
    "lumos-1",
    "lode-4"
 ]

 app_envs = [
    "prod",
    "uat",
    "dev"
 ]



    while True:
        for app in app_names:
            # your sample event - make this look something like the 
            # events you are trying to test. or dont :)
            logline = {
                        "line": {
                            "app": app,
                            "ts": datetime.datetime.now().isoformat(),
                            "env": secrets.choice(app_envs),
                            "msg": secrets.choice(splunkstrings)
                        },
                        "source":"stdout",
                        "attrs": {
                            "AppVersion":"1.1.0-1367743-6fb8d1dd",
                            "CdktfVersion":"1.16.4"
                        }
            }
    
            url="https://my.heavy.forwarder:8088/services/collector/event"
            auth = {'Authorization': 'Splunk {}'.format('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')}
            payload = {
                "index":"myindex",
                "sourcetype": "_json",
                "host": logline['line']['app'] + ".fakeapp.io",
                "event": logline
            }
    
            try:
                r = requests.post(url, headers=auth, json=payload, verify=False)
                print(f"{datetime.datetime.now().isoformat()} {r.text}")
                time.sleep(1)
            except requests.exceptions.RequestException as e:
                print(f"{datetime.datetime.now().isoformat()} {e}")
                print(f"{datetime.datetime.now().isoformat()} waiting 10 seconds before continuing...")
                time.sleep(10)
diff --git a/splunk-logger.sh b/splunk-logger.sh
 #!/bin/bash

 # log some data to a file: there are 59 strings - one minute worth 
 # cron, every minute 

 __OLD_IFS=$IFS
 IFS=$'\n'

 strings=()
 strings+=("4TW")
 strings+=("All batbelt. No tights.")
 strings+=("Ask me Everything.")
 strings+=("Australian for grep.")
 strings+=("Be an IT superhero, Go home early.")
 strings+=("Because Ninjas Are Too Busy.")
 strings+=("Because you can't always blame Canada.")
 strings+=("Can you SPL?")
 strings+=("CENSORED")
 strings+=("Cloud control.")
 strings+=("Counter errorism.")
 strings+=("Ctrl + F1 it.")
 strings+=("CSI: Logfiles")
 strings+=("data with destiny")
 strings+=("Don't be a SOAR loser.")
 strings+=("Drop your breaches.")
 strings+=("Finding your faults, just like mom.")
 strings+=("garbage in, pretty useful crap out.")
 strings+=("I'm ESXi and I know it.")
 strings+=("It's not a | line problem.")
 strings+=("Join the in cloud.")
 strings+=("Like an F-18, bro")
 strings+=("Log cleanup on IL5")
 strings+=("Log, I am your father.")
 strings+=("Looking for trouble.")
 strings+=("Machine watchable.")
 strings+=("Map. Reduce. Recycle.")
 strings+=("More brain, less surgery.")
 strings+=("More JSON, less Freddy.")
 strings+=("Needle. Haystack. Found.")
 strings+=("Nobody puts data in corner.")
 strings+=("Now with more code!")
 strings+=("Observe ability.")
 strings+=("Put ollie your data to work.")
 strings+=("Put that in your | and Splunk it.")
 strings+=("s/data/doing/gi")
 strings+=("See the light before you tunnel.")
 strings+=("See your world. Maybe wish you hadn't")
 strings+=("Stop chasing your tail -f")
 strings+=("Take the sh out of IT.")
 strings+=("The Notorious B.I.G. D.A.T.A.")
 strings+=("We don't need no stinking batches.")
 strings+=("Weapon of a security warrior.")
 strings+=("Winning the War on Error.")
 strings+=("You bet your sweet SaaS")
 strings+=("You came to the right trace.")
 strings+=("You're just my sourcetype.")
 strings+=("ERMAHGERD, SPLERNK!")
 strings+=("All up in your business.")
 strings+=("Bragging rights included.")
 strings+=("Here To Save The Day.")
 strings+=("Find your Achilles heel, before a Trojan does.")
 strings+=("Log and load.")
 strings+=("Log cleanup on IL5")
 strings+=("Put ollie your data to work")
 strings+=("Take the sh out of IT")
 strings+=("You had me at resilience")
 strings+=("Ready. AMI. Fire.")
 strings+=("Be an IT superhero. Go home early.")

 counter=0

 for string in ${strings[@]}
 do
  # generate a log line using one of the splunk string
  # add a uuid to ensure the line is unique
  printf "%s [splunk](%s) %s\n" "$(date +'%Y-%m-%dT%H:%M:%S%:z')" "$(uuidgen)" "${string}" | tee -a /tmp/splunklog.log 2>&1 1>/dev/null
  sleep 1
 done

 IFS=$__OLD_IFS
	import secrets
	import datetime
	import time
	import requests

	# send a random splunk string to a http event collector
	# includes some fake app names and environments
	# generates len(app_names) events every 10 seconds

	requests.packages.urllib3.disable_warnings()

	splunkstrings = [
	"Splunk> 4TW",
	"Splunk> All batbelt. No tights.",
	"Splunk> Ask me Everything.",
	"Splunk> Australian for grep.",
	"Splunk> Be an IT superhero, Go home early.",
	"Splunk> Because Ninjas Are Too Busy.",
	"Splunk> Because you can't always blame Canada.",
	"Splunk> Can you SPL?",
	"Splunk> CENSORED",
	"Splunk> Cloud control.",
	"Splunk> Counter errorism.",
	"Splunk> Ctrl + F1 it.",
	"Splunk> CSI: Logfiles",
	"Splunk> data with destiny",
	"Splunk> Don't be a SOAR loser.",
	"Splunk> Drop your breaches.",
	"Splunk> Finding your faults, just like mom.",
	"Splunk> garbage in, pretty useful crap out.",
	"Splunk> I'm ESXi and I know it.",
	"Splunk> It's not a \| line problem.",
	"Splunk> Join the in cloud.",
	"Splunk> Like an F-18, bro",
	"Splunk> Log cleanup on IL5",
	"Splunk> Log, I am your father.",
	"Splunk> Looking for trouble.",
	"Splunk> Machine watchable.",
	"Splunk> Map. Reduce. Recycle.",
	"Splunk> More brain, less surgery.",
	"Splunk> More JSON, less Freddy.",
	"Splunk> Needle. Haystack. Found.",
	"Splunk> Nobody puts data in corner.",
	"Splunk> Now with more code!",
	"Splunk> Observe ability.",
	"Splunk> Put ollie your data to work.",
	"Splunk> Put that in your \| and Splunk it.",
	"Splunk> s/data/doing/gi",
	"Splunk> See the light before you tunnel.",
	"Splunk> See your world. Maybe wish you hadn't",
	"Splunk> Stop chasing your tail -f",
	"Splunk> Take the sh out of IT.",
	"Splunk> The Notorious B.I.G. D.A.T.A.",
	"Splunk> We don't need no stinking batches.",
	"Splunk> Weapon of a security warrior.",
	"Splunk> Winning the War on Error.",
	"Splunk> You bet your sweet SaaS",
	"Splunk> You came to the right trace.",
	"Splunk> You're just my sourcetype.",
	"Splunk> ERMAHGERD, SPLERNK!",
	"Splunk> All up in your business.",
	"Splunk> Bragging rights included.",
	"Splunk> Here To Save The Day.",
	"Splunk> Find your Achilles heel, before a Trojan does.",
	"Splunk> Log and load.",
	"Splunk> Log cleanup on IL5",
	"Splunk> Put ollie your data to work",
	"Splunk> Take the sh out of IT",
	"Splunk> You had me at resilience",
	"Splunk> Ready. AMI. Fire.",
	"Splunk> Be an IT superhero. Go home early.",
	]

	app_names = [
	"moxie",
	"ember-x",
	"influx",
	"curator",
	"lumos-1",
	"lode-4"
	]

	app_envs = [
	"prod",
	"uat",
	"dev"
	]



	while True:
	for app in app_names:
	# your sample event - make this look something like the
	# events you are trying to test. or dont :)
	logline = {
	"line": {
	"app": app,
	"ts": datetime.datetime.now().isoformat(),
	"env": secrets.choice(app_envs),
	"msg": secrets.choice(splunkstrings)
	},
	"source":"stdout",
	"attrs": {
	"AppVersion":"1.1.0-1367743-6fb8d1dd",
	"CdktfVersion":"1.16.4"
	}
	}

	url="https://my.heavy.forwarder:8088/services/collector/event"
	auth = {'Authorization': 'Splunk {}'.format('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')}
	payload = {
	"index":"myindex",
	"sourcetype": "_json",
	"host": logline['line']['app'] + ".fakeapp.io",
	"event": logline
	}

	try:
	r = requests.post(url, headers=auth, json=payload, verify=False)
	print(f"{datetime.datetime.now().isoformat()} {r.text}")
	time.sleep(1)
	except requests.exceptions.RequestException as e:
	print(f"{datetime.datetime.now().isoformat()} {e}")
	print(f"{datetime.datetime.now().isoformat()} waiting 10 seconds before continuing...")
	time.sleep(10)
	#!/bin/bash

	# log some data to a file: there are 59 strings - one minute worth
	# cron, every minute

	__OLD_IFS=$IFS
	IFS=$'\n'

	strings=()
	strings+=("4TW")
	strings+=("All batbelt. No tights.")
	strings+=("Ask me Everything.")
	strings+=("Australian for grep.")
	strings+=("Be an IT superhero, Go home early.")
	strings+=("Because Ninjas Are Too Busy.")
	strings+=("Because you can't always blame Canada.")
	strings+=("Can you SPL?")
	strings+=("CENSORED")
	strings+=("Cloud control.")
	strings+=("Counter errorism.")
	strings+=("Ctrl + F1 it.")
	strings+=("CSI: Logfiles")
	strings+=("data with destiny")
	strings+=("Don't be a SOAR loser.")
	strings+=("Drop your breaches.")
	strings+=("Finding your faults, just like mom.")
	strings+=("garbage in, pretty useful crap out.")
	strings+=("I'm ESXi and I know it.")
	strings+=("It's not a \| line problem.")
	strings+=("Join the in cloud.")
	strings+=("Like an F-18, bro")
	strings+=("Log cleanup on IL5")
	strings+=("Log, I am your father.")
	strings+=("Looking for trouble.")
	strings+=("Machine watchable.")
	strings+=("Map. Reduce. Recycle.")
	strings+=("More brain, less surgery.")
	strings+=("More JSON, less Freddy.")
	strings+=("Needle. Haystack. Found.")
	strings+=("Nobody puts data in corner.")
	strings+=("Now with more code!")
	strings+=("Observe ability.")
	strings+=("Put ollie your data to work.")
	strings+=("Put that in your \| and Splunk it.")
	strings+=("s/data/doing/gi")
	strings+=("See the light before you tunnel.")
	strings+=("See your world. Maybe wish you hadn't")
	strings+=("Stop chasing your tail -f")
	strings+=("Take the sh out of IT.")
	strings+=("The Notorious B.I.G. D.A.T.A.")
	strings+=("We don't need no stinking batches.")
	strings+=("Weapon of a security warrior.")
	strings+=("Winning the War on Error.")
	strings+=("You bet your sweet SaaS")
	strings+=("You came to the right trace.")
	strings+=("You're just my sourcetype.")
	strings+=("ERMAHGERD, SPLERNK!")
	strings+=("All up in your business.")
	strings+=("Bragging rights included.")
	strings+=("Here To Save The Day.")
	strings+=("Find your Achilles heel, before a Trojan does.")
	strings+=("Log and load.")
	strings+=("Log cleanup on IL5")
	strings+=("Put ollie your data to work")
	strings+=("Take the sh out of IT")
	strings+=("You had me at resilience")
	strings+=("Ready. AMI. Fire.")
	strings+=("Be an IT superhero. Go home early.")

	counter=0

	for string in ${strings[@]}
	do
	# generate a log line using one of the splunk string
	# add a uuid to ensure the line is unique
	printf "%s [splunk](%s) %s\n" "$(date +'%Y-%m-%dT%H:%M:%S%:z')" "$(uuidgen)" "${string}" \| tee -a /tmp/splunklog.log 2>&1 1>/dev/null
	sleep 1
	done

	IFS=$__OLD_IFS