6d61726b760a

TZ="Australia/Brisbane"

SPLUNK_ENDPOINT="https://myendpoint.splunkcloud.com:8089"
SPLUNK_USERNAME="splunkusername"
SPLUNK_PASSWORD="splunkpassword"
SPLUNK_APP="splunkapp"

6d61726b760a

#!/bin/bash

#
# sync specific lastpass credentials with onepass
#
# my employer uses lastpass, but i use 1password. i dont
# want to replicate all my work passwords into 1password
# but i do want to replicate a few "critical" passwords
# (eg webmail) so i can check my emails from home. this
# script is a quick hack to do this.

6d61726b760a

| rest splunk_server=local /services/data/inputs/http
``` 
some fields may not be populated so 
we try to come up with sane defaults
```
| eval allowQueryStringAuth = if(isnull(allowQueryStringAuth), "false", allowQueryStringAuth)
| eval useACK = if(isnull(useACK), "false", useACK)
| eval indexes = if(isnull(indexes), index, mvjoin(indexes, " "))
| fillnull value="" sourcetype
| rex field=title ".*\/\/(?<x_description>[^\$]+)"

6d61726b760a

lp2agent

add an ssh key from lastpass to ssh-agent

pull an ssh key from lastpass and add it to ssh agent for 30 seconds so you can ssh

usage

lp2agent

6d61726b760a

# this file was written to be used with the VS Code HTTP rest client.
# (https://marketplace.visualstudio.com/items?itemName=humao.rest-client)

# There should be more than enough detail to create some more advanced 
# scripting/automation

# NOTE: if there is a problem with a connection (eg incorrect username/password,
# or a db permissions issue) when you are trying to add an input, splunk 
# responds with "unable to process json" which is a little misleading

6d61726b760a

#!/bin/bash
set -x
now=$( date '+%Y/%m/%d %H:%M:%S' )

TMPFILE1=$(mktemp /tmp/XXXXXXXXXX.json)

script_exit () {
    rm -rf ${TMPFILE1}
    exit 0
}

6d61726b760a

#!/bin/bash

# /var/lib/cloud/scripts/per-boot/00-hostname.sh

# https://cloudinit.readthedocs.io/en/latest/topics/modules.html#scripts-per-boot

#
# create/set server hostname using a static prefix with a cloud instance id appended.
#
# sed -i '' \

6d61726b760a

# /etc/profile.d/splunk.sh

if [ -d /opt/splunk ]; then
  export SPLUNK_HOME="/opt/splunk"
  export PATH=${PATH}:${SPLUNK_HOME}/bin
elif [ -d /opt/splunkforwarder ]; then
  export SPLUNK_HOME="/opt/splunkforwarder"
  export PATH=${PATH}:${SPLUNK_HOME}/bin
fi

6d61726b760a

#!/bin/bash
# Description: Install, start, and enable splunk forwarder , or just install.
# Usage:
#      splunkUFDeploy.sh [nostart] 
#
# NOSTART intended for base images, where we install Splunk but may not use it.
# NOSTART = 1 is true, default is false (0)

NOSTART=0
if [ $# -eq 1 ] && [ $1 == 'nostart' ] ; then

6d61726b760a

import requests
import os
from lxml import etree

# remove old clients from deployment server

deployment_server = os.getenv('SPLUNK_DS')
splunk_username = os.getenv('SPLUNK_DS_USER')
splunk_password = os.getenv('SPLUNK_DS_PASS')
ds_auth=(splunk_username, splunk_password)