@hillar
hillar / heka_bro.toml
Created December 19, 2014 07:59
Heka conf sample to send Bro logs to Elasticsearch
[LogstreamerInput]
log_directory = "/var/log/bro"
file_match = '.*\.log'
priority = ["^conn"]
decoder = "Json"
## see https://www.bro.org/sphinx-git/scripts/policy/tuning/json-logs.bro.html?highlight=json
#echo "@load tuning/json-logs" >> /usr/share/bro/site/local.bro
#echo "redef LogAscii::json_timestamps = JSON::TS_ISO8601;" >> /usr/share/bro/site/local.bro
[Json]
@hillar
hillar / json_keys.py
Created December 17, 2014 07:03
Simple Python snippet to print the first level of JSON key names
import json

fn = '/opt/suricata/var/log/suricata/eve.json'
f = open(fn)
lines = f.readlines()
f.close()
u = dict()
for line in lines:
    # The gist preview is cut off at this loop; the body below is an assumed
    # completion matching the description (count each top-level key, then print).
    for k in json.loads(line).keys():
        u[k] = u.get(k, 0) + 1
for k in sorted(u):
    print(k, u[k])
@halr9000
halr9000 / Export-SplunkSearch.ps1
Created September 18, 2013 04:27
Splunk export search job using PowerShell
# Conversion of http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTsearch#search.2Fjobs.2Fexport
# example using curl, to PowerShell with Invoke-RestMethod cmdlet
#
# $ curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export
# --data-urlencode search="search index=_internal | stats count by sourcetype"
# -d output_mode=json -d earliest="rt-5m" -d latest="rt"
$cred = Get-Credential
# This will allow for self-signed SSL certs to work