Peter Titov iamhowardtheduck
iamhowardtheduck
/ COVID-19-john.conf
Last active
March 19, 2020 12:48
Coronavirus "COVID-19-john.conf" Logstash Pipeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| # Use file input to collect all CSVs from "git clone https://github.com/CSSEGISandData/COVID-19.git" | |
| # Simply run the command while in /var/log: git clone https://github.com/CSSEGISandData/COVID-19.git | |
| file { | |
| path => "/var/log/COVID-19/csse_covid_19_data/csse_covid_19_daily_reports/*.csv" | |
| start_position => "beginning" | |
| } } | |
| filter { |
iamhowardtheduck
/ gist:75c738798aae9d6a5a01f5cc6a2948a8
Last active
January 14, 2020 21:53
PEOPLE BUILDER - WORK IN PROGRESS, UPDATES TO PEOPLE - RC DNU
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| echo -e "\n\n\n\n\n\n\n" | |
| if [[ $EUID -eq 0 ]]; then | |
| echo "This script must NOT be run as \"root\" OR as \"sudo $USER\"; please try again." 1>&2 | |
| exit 1 | |
| fi | |
| # | |
| # BEGIN WELCOME SCREEN & INITIAL UPDATING | |
| # | |
| clear |
iamhowardtheduck
/ pihole.txt
Last active
December 2, 2019 18:32
Pi-Hole ECS Ingest Node Pipeline V2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/pihole | |
| { | |
| "description" : "Pi-Hole", | |
| "processors" : [ | |
| { | |
| "grok" : { | |
| "field" : "message", | |
| "patterns" : [ | |
| "%{SYSLOGTIMESTAMP:timestamp} %{GREEDYDATA:message}"]}, | |
iamhowardtheduck
/ Majestic_Index_Template
Last active
October 27, 2019 21:00
Majestic Index Template for Filebeat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _template/filebeat-majestic | |
| { | |
| "index_patterns": ["filebeat-majestic"], | |
| "settings": { | |
| "number_of_shards": 1, | |
| "number_of_replicas": 1 | |
| }, | |
| { | |
| "filebeat-majestic" : { | |
| "order" : 0, |
iamhowardtheduck
/ Majestic_ECS_Pipeline
Created
October 27, 2019 20:57
Majestic Top 1 Million CSV Ingest Node Pipeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT /_ingest/pipeline/majestic | |
| { | |
| "description" : "Majestic Parser", | |
| "version" : 1, | |
| "processors" : [ | |
| { "set":{"field":"@timestamp","value": "{{_ingest.timestamp}}"}}, | |
| { | |
| "dissect" : { | |
| "field" : "message", | |
| "pattern" :"%{GlobalRank},%{TldRank},%{Domain},%{TLD},%{RefSubNets},%{RefIPs},%{IDN_Domain},%{IDN_TLD},%{PrevGlobalRank},%{PrevTldRank},%{PrevRefSubNets},%{PrevRefIPs}" |
iamhowardtheduck
/ pihole-ecs-dashboard.ndjson
Last active
December 2, 2019 18:32
Pi-Hole ECS Dashboard V2: Now with Forbidden Trigram Detection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"attributes":{"fieldFormatMap":"{\"client.bytes\":{\"id\":\"bytes\"},\"client.nat.port\":{\"id\":\"string\"},\"client.port\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.nat.port\":{\"id\":\"string\"},\"destination.port\":{\"id\":\"string\"},\"event.duration\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asMilliseconds\",\"outputPrecision\":1}},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"server.bytes\":{\"id\":\"bytes\"},\"server.nat.port\":{\"id\":\"string\"},\"server.port\":{\"id\":\"string\" |
iamhowardtheduck
/ Pi-Hole_ECS_Pipeline
Last active
December 2, 2019 18:29
Pi-Hole ECS Elastic Ingest Node Pipeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT /_ingest/pipeline/pi-hole | |
| { | |
| "description" : "Pi-Hole Parser", | |
| "version" : 1, | |
| "processors" : [ | |
| { | |
| "grok" : { | |
| "field" : "message", | |
| "patterns" : [ | |
| "%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGPROG:Prog}: (?<dns.type>query)\\[(?<dns.question.type>A)\\] %{NOTSPACE:dns.question.name} (?<dns.question.class>from) %{IP:client.ip}", |
iamhowardtheduck
/ MeetUpDashboards.ndjson
Last active
September 18, 2019 11:39
MeetUp Event Viewer & Event Finder dashboards for Kibana.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"attributes":{"fieldFormatMap":"{\"member.photo\":{\"id\":\"url\",\"params\":{\"type\":\"img\",\"urlTemplate\":\"\"}},\"member.other_services.facebook.identifier\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.facebook.com/{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\ |
iamhowardtheduck
/ meetups.ndjson
Last active
January 28, 2020 01:54
MeetUp.com Index Pattern & Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"attributes":{"fieldFormatMap":"{\"member.photo\":{\"id\":\"url\",\"params\":{\"type\":\"img\",\"urlTemplate\":\"\"}},\"member.other_services.facebook.identifier\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.facebook.com/{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\ |
iamhowardtheduck
/ meetups.conf
Last active
September 19, 2019 02:27
Simply add your desired output section and save it as a *.conf file. Then run this command: curl http://stream.meetup.com/2/rsvps | /usr/share/logstash/bin/logstash -f wherever_you_saved_it_as.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| stdin { | |
| codec => json_lines | |
| } | |
| } | |
| filter { | |
| mutate { | |
| uppercase => [ "[group][group_country]" ] | |
| replace => { "location" => "%{[group][group_lat]},%{[group][group_lon]}" } |