LukeMurphey

import xml.dom.minidom
import csv

# Get the Kindle meta-data by:
#   1. Installing and running the Kindle app
#   2. Viewing the file in %appdata% at AppData\Local\Amazon\Kindle\Cache\KindleSyncMetadataCache.xml'

kindleMetaDataPath = 'KindleSyncMetadataCache.xml'
csvOutputPath = 'KindleBooks.csv'

LukeMurphey

# You can determine if the Splunk install is Splunk cloud by looking at the /services/server/info/server-info (e.g. https://127.0.0.1:8089/services/server/info/server-info) endpoint.
# If the install is running on Splunk Cloud, it will have a field named "instance_type" that has a value of "cloud".
# $SPLUNK_HOME/etc/system/local/server.conf that sets the instance type to cloud, like this:
[general]
instanceType = cloud

LukeMurphey

"""
This class makes creating a REST handler for Splunk easier.

The class will automatically call a function within the class based on the path and the method.

For example, if a GET call is made to the path "ping", then this class will call the function
get_ping().

Below is an example.

LukeMurphey

"""
This class makes creating a REST handler for Splunk easier.

The class will automatically call a function within the class based on the path and the method.

For example, if a GET call is made to the path "ping", then this class will call the function
get_ping().

Below is an example.

LukeMurphey

"""
This script shows how to get notable events from a Splunk instance running Enterprise Security.

This script runs using the libraries built into Splunk. You can run it like this:

    /opt/splunk/bin/splunk cmd python get_notables.py
"""

import splunk.auth
import splunk.search

LukeMurphey

import splunk.auth
import splunk.search
import time

def get_asset(host, session_key):
    # Declare some static vars
    search = '| stats count | eval asset="%s" | fields asset | `get_asset(asset)`' % host
    latest_time = "now"
    earliest_time = "0"

LukeMurphey

import sys

if len(sys.argv) != 3:
    print 'Incorrect number of arguments; provide the file-name followed by the file-size.\ne.g. you can make a 1 GB file named "newfile" by calling:\n\n    %s newfile 1073741824' % (sys.argv[0])
    exit()

filename = sys.argv[1]
size = int(sys.argv[2])

with open(filename, "wb") as f:

LukeMurphey

source="01-Jan-2006_to_29-Jun-2018.csv" 
| eval _time=strptime('Shipment Date',"%m/%d/%y") 
| rex field="Purchase Price Per Unit" "(?<price>[0-9.]+)" 
| rex field="Shipment Date" "[0-9][0-9]/[0-9][0-9]/(?<year>([0-9][0-9]))" 
| stats sum(price) as spent by year

LukeMurphey

"rules": [
                    {
                        "description": "Mouse right scroll to ctrl+tab (next tab)",
                        "manipulators": [
                            {
                                "from": {
                                    "pointing_button": "button5"
                                },
                                "to": [
                                    {

LukeMurphey

$('#ghx-issues-in-epic-table td:nth-child(2)').text().replace(/\s+/gi, " | | | \n |")