| Set-PSDebug -Off | |
| # splunk service details | |
| $splunkService = "SplunkForwarder" | |
| # path to splunk configs | |
| $splunk_serverconf = 'C:\Program Files\SplunkUniversalForwarder\etc\system\local\server.conf' | |
| $splunk_inputsconf = 'C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf' | |
| # get current computername |
the otel collector is a reasonably nice way to scrape prometheus enpoints
it is obviously designed for use with splunk's olly cloud, but the otel collector supports output to splunk hec tokens as well.
im running multiple docker containers (to seperate workloads).
first, create configs
| #!/usr/bin/python3 | |
| # a quick and dirty dns test script | |
| # checks to see if we can resolve a list of hosts | |
| # writes to the hec endpoint on the localhost | |
| # (expected to be run from hfw) | |
| # | |
| # cron: * * * * * /root/dnstest.py >/tmp/dnstest.out 2>&1 | |
| # | |
| # mark.vandenbos@gmail.com |
| #!/usr/bin/env bash | |
| # set -euxo pipefail | |
| # ---- | |
| # | |
| # report ip address changes to slack channel | |
| # | |
| # this script detects and reports ip address changes | |
| # to me via personal slack message. | |
| # |
| abandoned | |
| able | |
| absolute | |
| adorable | |
| adventurous | |
| academic | |
| acceptable | |
| acclaimed | |
| accomplished | |
| accurate |
| TZ="Australia/Brisbane" | |
| SPLUNK_ENDPOINT="https://myendpoint.splunkcloud.com:8089" | |
| SPLUNK_USERNAME="splunkusername" | |
| SPLUNK_PASSWORD="splunkpassword" | |
| SPLUNK_APP="splunkapp" |
| #!/bin/bash | |
| # | |
| # sync specific lastpass credentials with onepass | |
| # | |
| # my employer uses lastpass, but i use 1password. i dont | |
| # want to replicate all my work passwords into 1password | |
| # but i do want to replicate a few "critical" passwords | |
| # (eg webmail) so i can check my emails from home. this | |
| # script is a quick hack to do this. |
| | rest splunk_server=local /services/data/inputs/http | |
| ``` | |
| some fields may not be populated so | |
| we try to come up with sane defaults | |
| ``` | |
| | eval allowQueryStringAuth = if(isnull(allowQueryStringAuth), "false", allowQueryStringAuth) | |
| | eval useACK = if(isnull(useACK), "false", useACK) | |
| | eval indexes = if(isnull(indexes), index, mvjoin(indexes, " ")) | |
| | fillnull value="" sourcetype | |
| | rex field=title ".*\/\/(?<x_description>[^\$]+)" |
| # this file was written to be used with the VS Code HTTP rest client. | |
| # (https://marketplace.visualstudio.com/items?itemName=humao.rest-client) | |
| # There should be more than enough detail to create some more advanced | |
| # scripting/automation | |
| # NOTE: if there is a problem with a connection (eg incorrect username/password, | |
| # or a db permissions issue) when you are trying to add an input, splunk | |
| # responds with "unable to process json" which is a little misleading |