# timesince
# -----------------------------
# makes a human readable description of the amount of time since a device was observed
#
[timesince(2)]
args = sourceField,destField
definition = eval now=time() | eval $destField$ = case( $sourceField$ > now, "0 minutes ago", now-$sourceField$ > (2*86400), round((now-$sourceField$) / (86400)) . " days ago", now-$sourceField$ > (2*3600), round((now-$sourceField$) / (3600)) . " hours ago", now-$sourceField$ > (2*60), round((now-$sourceField$) / (60)) . " minutes ago", now-$sourceField$ > 60, "1 minute ago", now-$sourceField$ <= 60, "just now" ) | fields - now
iseval = 0

if( Splunk.Module.SimpleResultsTable ){
    Splunk.Module.SimpleResultsTable = $.klass(Splunk.Module.SimpleResultsTable, {
        renderResults: function($super, htmlFragment) {
            $super(htmlFragment);
            if (this.getInferredEntityName()=="events") {
                this.renderedCount = $("tr", this.container).length - 1;
            }

<!--
This Ant build script contains operations that are useful for building Splunk apps. To use it with your app, do the following:
1) Set the name of the project in the project node
2) Define a default.properties file to specify default parameters. The default.properties ought to be checked in the source-code repository.
3) Define a local.properties file to override the default parameters. This file should be install specific and thus should NOT be checked into the source-code repository.
Below are the parameters supported:
* value.build.packageoutput.directory: indicates where created packages should go (defaults to tmp/packages)
* value.build.number: indicates the build number specified in app.conf (defaults to 1)

import splunk.admin as admin
import splunk.entity as entity
import splunk
import logging
import logging.handlers
import os
import re
import copy

class StandardFieldValidator(object):

[admin_external:change_this]
handlertype = python
handlerfile = rest_handler.py
handleractions = list,edit,_reload

[launcher]
version =
description =
author =
[package]
id =
[install]
build = ${build.number}

"""
Computes the minimal set of codes to open a GE Supra lock box (such as http://www.amazon.com/Security-Keysafe-Cabinet-Assorted-Colors/dp/B000VL4TSW).
"""
import sys

def remove_values_from_list(the_list, val):
    the_list_copy = the_list[:]

// ==UserScript==
// @name Bad root endpoint links
// @namespace splunk
// @version 0.5
// @description finds bad links caused when the root endpoint is modified
// @match https://127.0.0.1:8000/*
// @match http://127.0.0.1:8000/*
// @copyright 2013+, lmurphey@splunk.com
// ==/UserScript==

"""
This is a base class for making Python modular inputs for Splunk.
To make a modular input based on this class, you should follow the steps defined below.
Note that this example assumes you are making an input named "my_input_name".
________________________________________________________
1) Define the input in inputs.conf.spec

"""
This class provides a base class for search commands that handles much of the Splunk-to-Python
interaction necessary for making a search command.
This is licensed under the Apache License Version 2.0
See https://www.apache.org/licenses/LICENSE-2.0.html
To make a search command, you will need to:
1) Sub-class the search command (see below for an example)
2) Declare your search command in commands.conf