
Jay Swan jayswan

View gist:d4ddd71a35bb5f1ad86f
In [144]: tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
.filter('term',EventID=4728)
File "<ipython-input-144-1b746eb83e6f>", line 1
tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
.filter('term',EventID=4728)
SyntaxError: keyword can't be an expression
View gist:3a7621d909b15c832cfb
In [142]: d
Out[142]: {'TargetUserName.raw': 'Domain Admins'}
In [143]: tt = Search(using=es,index=i)\
.filter('term',**d).filter('term',EventID=4728)
View gist:c04eee5287cc7cbc5ea1
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"EventID": 4728
}
View gist:b1998ac7226c08a18cb8
syntax enable
set ruler
set nobackup
set nocompatible
set encoding=utf-8
set showcmd
set number
set background=dark
"" Indentation
jayswan / plixer_log_count.py
Created Nov 25, 2014
Count Plixer log entries
View plixer_log_count.py
from collections import defaultdict
from operator import itemgetter
import sys
# First command-line argument; presumably the path of the log file to count
# (the code that reads it is not shown here). Raises IndexError at import time
# when the script is started without an argument.
FILENAME = sys.argv[1]
class SimpleCounter(defaultdict):
""" Scrutinizer ships with Python 2.6 and doesn't have the Counter object
from collections. This is a simple version of it.
"""
View hashes.py
import hashlib
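def hash(s, a='md5'):
    """Return the hexadecimal digest of *s* under the hashlib algorithm *a*.

    Args:
        s: Data to hash. Bytes-like input is hashed as given; text is
            encoded as UTF-8 first.
        a: Algorithm name as accepted by ``hashlib.new`` (for example
            ``'md5'``, ``'sha1'`` or ``'sha256'``).

    Returns:
        The digest as a hex string.

    Raises:
        AttributeError: If *a* does not name an algorithm hashlib supports.

    Note:
        The default stays MD5 so existing callers get the same digests.
        MD5 and SHA-1 are not collision resistant: keep them for
        non-adversarial checksums and pass ``a='sha256'`` or stronger when
        the digest serves as an integrity or identity check. None of these
        plain digests is suitable for storing passwords.
        The function name shadows the builtin ``hash`` wherever it is
        imported by name.
    """
    # Hash objects only accept bytes. type(u'') is the text type on both
    # Python 2 (unicode) and Python 3 (str), so byte strings pass through
    # untouched and text is encoded explicitly instead of failing.
    if isinstance(s, type(u'')):
        s = s.encode('utf-8')
    try:
        # hashlib.new() resolves digest names only, including ones the OpenSSL
        # backend offers without a module-level constructor. A getattr() on
        # the module would also resolve attributes that are not algorithms.
        digest = hashlib.new(a)
    except ValueError:
        # Unknown names used to surface as AttributeError; keep that contract.
        raise AttributeError("hashlib has no algorithm named %r" % (a,))
    digest.update(s)
    return digest.hexdigest()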
def fhash(fn,a='md5'):
""" Hash a file as a string. Not memory considerate. """
with open(fn) as f:
View d2n.py
from collections import namedtuple
def d2n(name, d):
    """Build a namedtuple type called *name* from *d* and return one instance.

    The keys of *d* become the field names and its values fill the fields in
    the same order. namedtuple raises ValueError when a key is not a valid
    field name.
    """
    field_names = list(d.keys())
    record_type = namedtuple(name, field_names)
    # _make() fills the fields positionally from an iterable, which is what
    # unpacking the values into the constructor does.
    return record_type._make(d.values())
View dlog.py
from collections import Counter
from csv import DictReader
import gzip
from pprint import pprint
from sys import argv
# Column names for the log rows this script parses (ingest() below defaults to
# tab-delimited input).
# NOTE(review): these look like the columns of a Bro/Zeek dns.log -- confirm
# against the log source.
# NOTE(review): that format lists 'answers' and 'TTLs' as two separate columns.
# The single 'answersTTLs' entry may be a missing comma, which would shift
# 'rejected' onto the wrong column if the names are applied positionally --
# verify before relying on those fields.
FIELDNAMES = ['ts', 'uid', 'id.orig_h', 'id.orig_p', 'id.resp_h', 'id.resp_p', 'proto', 'trans_id', 'query', 'qclass', 'qclass_name', 'qtype', 'qtype_name', 'rcode', 'rcode_name', 'AA', 'TC', 'RD', 'RA', 'Z', 'answersTTLs', 'rejected']
def ingest(files, delim='\t', qchar='"'):
View simple_syslog_count.py
from collections import Counter,defaultdict
import re
import sys
"""
Counterpart to this blog post:
http://unroutable.blogspot.com/2014/07/simple-python-syslog-counter.html
Summarize counts of typical Cisco syslog messages. Most syslog servers produce lines that look something like this:
View swis.py
import requests
import json
from getpass import getpass
"""
A more friendly, bug-fixed version of the Python sample included with
Solarwinds SDK v1.8
Make sure to set a valid nodeID in line 50 before using!
"""