Hal Rottenberg halr9000

@halr9000
halr9000 / gist:20ab184a91277f3a2438
Created November 14, 2014 02:46
xExchange DSC Resources
xExchActiveSyncVirtualDirectory xExchAutodiscoverVirtualDirectory
xExchAutoMountPoint xExchClientAccessServer
xExchDatabaseAvailabilityGroup xExchDatabaseAvailabilityGroupMember
xExchDatabaseAvailabilityGroupNetwork xExchEcpVirtualDirectory
xExchExchangeCertificate xExchExchangeServer
xExchImapSettings xExchMailboxDatabase
xExchMailboxDatabaseCopy xExchMapiVirtualDirectory
xExchOabVirtualDirectory xExchOutlookAnywhere
xExchOwaVirtualDirectory xExchPopSettings
xExchPowerShellVirtualDirectory xExchReceiveConnector
@halr9000
halr9000 / Dockerfile
Created January 20, 2015 14:41
docker run splunk
FROM centos:latest
MAINTAINER [email protected]
EXPOSE 8000 8089 9997 9887 8191
ADD splunk/ /opt/splunk/
VOLUME ["/opt/splunk/var/lib"]
CMD ["/opt/splunk/bin/splunk", "start", "--nodaemon", "--accept-license", "--no-prompt", "--answer-yes", "--auto-ports"]
@halr9000
halr9000 / boxstarter.txt
Last active August 29, 2015 14:15
boxstarter
Install-WindowsUpdate
Enable-RemoteDesktop
cinst git-credential-winstore
cinst console-devel
cinst sublimetext3
cinst poshgit
cinst google-chrome-x64
cinst AWSTools.Powershell
@halr9000
halr9000 / SplunkStream.psm1
Last active August 29, 2015 14:18
Splunk Stream helper module
<#
.Synopsis
Returns XML object for local stream forwarder configuration if it exists, or optionally, default configuration.
.DESCRIPTION
Long description
.EXAMPLE
Get-StreamForwarderConfigXml -DefaultConfig
xml CmConfig
--- --------
@halr9000
halr9000 / 0_reuse_code.js
Last active August 29, 2015 14:20
Here are some things you can do with Gists in GistBox.
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
@halr9000
halr9000 / test.ps1
Last active August 29, 2015 14:21
Simple PowerShell scripted input for Splunk that can invoke Splunk commands
# Get script path (works on v2+ of PowerShell) http://stackoverflow.com/a/5466355. v3+ has $PSScriptRoot variable, but win2k3 boxes might not have v3.
$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition
Write-Verbose "Script Path: $scriptPath"
# find $SPLUNK_HOME starting from the bin path for an app, e.g. $env:programfiles\Splunk\etc\apps\appname\bin\test.ps1
# could just use string concatenation, but using the Resolve-Path and Join-Path cmdlets here will generate useful errors if they fail
$SPLUNK_HOME = Resolve-Path ( Join-Path -Path $scriptPath -ChildPath "..\..\..\.." ) # if my relative path is right?
Write-Verbose "Splunk Home: $splunk_home"
$SPLUNK_BIN = Join-Path -Path $SPLUNK_HOME -ChildPath "bin\splunk.exe" # join-path figures out starting & trailing path separators the right way
@halr9000
halr9000 / splunk-hec.psm1
Created February 26, 2016 18:44
Send-SplunkEvent, a PowerShell cmdlet for sending events to the Splunk HTTP event collector
# TODO: write the help
# TODO: support SSL self-signed certs
# TODO: need to validate JSON, and/or add a new param set that accepts hashtable and
# convert internally.
# TODO: support RAW mode
# TODO: refactor to use EC batch (concatenated events in one HTTP request) instead of
# PowerShell pipelines which will do a request per object (event payload) on the pipeline
# TODO: think about load balancing per Geoffrey Martins.
@halr9000
halr9000 / README.md
Last active February 27, 2022 05:00
How to make fake data in Splunk using SPL

How to make fake data in Splunk using SPL

Sometimes, you need to fake something in Splunk. Might be during development and you don't feel like writing a real search, but you really need a number for a dashboard panel to look right. Maybe you are helping someone with a hairy regex, and you don't want to index data just to test it on your instance. Whatever the reason, here are some searches that have helped me out.

Note that when using these techniques, you are not going through the indexing

https://api.usfundamentals.com/v1/companies/xbrl?format=json&token=OrWsG12DjiVpkJmr946VKg
<![LOG[CScanAgent::ScanByUpdates - Found UpdateClassification 0fa1201d-4330-4fa8-8ae9-b877473b6441 for Update:f2b6e975-cae9-493a-a17d-ca429e6738e5]LOG]!><time="10:40:29.580+300" date="11-12-2014" component="ScanAgent" context="" type="1" thread="12052" file="cscanagent.cpp:470">
<![LOG[Found CategoryID of :bfe5b177-a086-47a0-b102-097e4fa1f807 for Update:f61f6c4b-4598-4571-9663-9333a0906778]LOG]!><time="10:40:29.642+300" date="11-12-2014" component="ScanAgent" context="" type="1" thread="12052" file="cscanagent.cpp:453">
<![LOG[CScanAgent::ScanByUpdates - Found UpdateClassification 0fa1201d-4330-4fa8-8ae9-b877473b6441 for Update:f61f6c4b-4598-4571-9663-9333a0906778]LOG]!><time="10:40:29.643+300" date="11-12-2014" component="ScanAgent" context="" type="1" thread="12052" file="cscanagent.cpp:470">
<![LOG[Found CategoryID of :2ee2ad83-828c-4405-9479-544d767993fc for Update:f6bb2d17-0f0e-4a98-970b-7aaa85aae8ce]LOG]!><time="10:40:29.643+300" date="11-12-2014" component="ScanAgent" context="" type="1" thread="12052"