@JasonConger
JasonConger / savedsearches.conf
Last active Aug 29, 2015
Splunk Octoblu Alert Search
View savedsearches.conf
[ICA RTT - Yellow]
action.email.reportServerEnabled = 0
action.email.useNSSubject = 1
action.script = 1
action.script.filename = octoblu_trigger.py
alert.digest_mode = True
alert.suppress = 1
alert.suppress.period = 1m
alert.track = 0
counttype = number of events
@JasonConger
JasonConger / CtxConfigLog.ps1
Created Oct 15, 2015
Citrix Configuration Log with Property Old and New Values (in JSON format)
View CtxConfigLog.ps1
# Create a UDL file to access the SQL database
Add-Content C:\conflog.udl -Value $null; Start-Process C:\conflog.udl
# Load the Citrix Common Commands Snapin
Get-PSSnapin -Registered "Citrix.Common.Commands" | Add-PSSnapin
# Get the configuration log and convert to JSON
Get-CtxConfigurationLogReport -DataLinkPath C:\conflog.udl | ConvertTo-Json -Depth 10
@JasonConger
JasonConger / ConfigLogJSON.json
Created Oct 15, 2015
Example JSON output from Citrix Configuration Log
View ConfigLogJSON.json
{
"EntryId": "3_0_3",
"Date": "\/Date(1443804400000)\/",
"Account": "LAB\\administrator",
"TaskType": 2,
"ItemType": 0,
"ItemName": "Calc",
"Description": "Published application Calc was modified.",
"Details": [
@JasonConger
JasonConger / props.conf
Created Oct 17, 2022
Azure NSG Flow Log - Splunk props.conf
View props.conf
[mscs:nsg:flow]
description = Azure NSG Flow Logs
LINE_BREAKER = (,|\[){"time"
category = Application
KV_MODE = json
SEDCMD-remove_footer = s/\]}$//g
SEDCMD-remove_header = s/{"records":\[//g
SHOULD_LINEMERGE = false
TIME_PREFIX = time\":\"
TRUNCATE = 0