I hereby claim:
- I am inqueue on github.
- I am inqueue (https://keybase.io/inqueue) on keybase.
- I have a public key ASCyxhhPiLRhxf3PE5riVWdmlA82DFGNxDBt-AtVgdoDzQo
To claim this, I am signing this object:
Jason Bryan inqueue
inqueue
/ keybase.md
Created
October 5, 2017 22:09
inqueue
/ purge_indices.json
Created
August 3, 2017 21:22
Watcher (v5.5.1): Look for indices to purge every 24h with @timestamp older than 2 days
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _xpack/watcher/watch/purge_indices | |
| { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "24h" | |
| } | |
| }, | |
| "input": { | |
| "search": { | |
| "request": { |
inqueue
/ openssl_commands.sh
Created
April 27, 2017 14:53
openssl commands that will help you in a pinch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Checking and verification ### | |
| # Check a certificate signing requested | |
| openssl req -text -noout -verify -in node_sign_request.csr | |
| # Check a private key | |
| openssl rsa -in node.key -check | |
| # Check a certificate | |
| openssl x509 -in node.crt -text -noout |
inqueue
/ strip_passwords.json
Created
February 9, 2017 18:55
Elasticsearch: Update by query example to strip passwords
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DELETE security-logs | |
| POST security-logs/event/_bulk | |
| {"index":{}} | |
| { "event": "login", "user": "aardvark", "password": "squishy"} | |
| {"index":{}} | |
| { "event": "login", "user": "squishy", "password": "aardvark"} | |
| {"index":{}} | |
| { "event": "access", "application": "nginx", "ip": "10.1.1.1"} |
inqueue
/ truncate_field.json
Created
February 9, 2017 15:41
Elasticsearch: truncate a field using a script processor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/truncate-field | |
| { | |
| "description": "Use the Script processor to truncate a field to 10 characters", | |
| "processors": [ | |
| { | |
| "script": { | |
| "inline": "ctx.foo = ctx.foo.substring(0, (int) Math.min(10, ctx.foo.length()))" | |
| } | |
| } | |
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _template/default | |
| { | |
| "order": 0, | |
| "template": "*", | |
| "settings": { | |
| "index": { | |
| "number_of_shards": "2", | |
| "number_of_replicas": "1" | |
| } | |
| } |
inqueue
/ clone.conf
Created
November 7, 2016 19:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| stdin { | |
| codec => json {} | |
| } | |
| } | |
| filter { | |
| clone { | |
| clones => ['cloned_test_event'] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET metricbeat/_search | |
| { | |
| "query": { | |
| "bool": { | |
| "filter": { | |
| "bool": { | |
| "should": [ | |
| {"term": {"metricset.name": {"value": "cpu"}}}, | |
| {"term": {"metricset.name": {"value": "load"}}} | |
| ] |
inqueue
/ topbeat_not_reporting.json
Created
August 31, 2016 22:40
Watch for alerting when Topbeat collectors are no longer reporting new data.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "1m" | |
| } | |
| }, | |
| "metadata": { | |
| "skip_hosts": [""], | |
| "window_size": "2m", | |
| "collection_scope": "48h" |
inqueue
/ topbeat_filesystem_watch_example.json
Last active
March 30, 2016 15:10
Watch Filesystem Data from Topbeat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "metadata": { | |
| "used_percent": 0.9, | |
| "email_to": "email@domain.tld" | |
| }, | |
| "trigger": { | |
| "schedule": { | |
| "interval": "5m" | |
| } | |
| }, |