

Jay Swan jayswan

View gist:d4ddd71a35bb5f1ad86f
In [144]: tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
File "<ipython-input-144-1b746eb83e6f>", line 1
tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
SyntaxError: keyword can't be an expression
View gist:3a7621d909b15c832cfb
In [142]: d
Out[142]: {'TargetUserName.raw': 'Domain Admins'}
In [143]: tt = Search(using=es,index=i)\
View gist:c04eee5287cc7cbc5ea1
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
"term": {
"EventID": 4728
View gist:b1998ac7226c08a18cb8
" Basic editor settings; each line below is a standard Vim option.
" Turn on syntax highlighting while keeping any existing colour settings.
syntax enable
" Show the cursor's line and column in the status area.
set ruler
" Do not keep a backup copy of a file when it is overwritten.
set nobackup
" Use Vim behaviour rather than Vi-compatible behaviour.
" NOTE(review): changing 'compatible' resets other options as a side effect,
" so this line is conventionally placed first in a vimrc - confirm the order is intended.
set nocompatible
" Use UTF-8 as Vim's internal character encoding.
set encoding=utf-8
" Display the partially typed command in the last line of the screen.
set showcmd
" Show line numbers in the left margin.
set number
" Tell Vim the background is dark so it picks suitable highlight colours.
set background=dark
"" Indentation
jayswan /
Created Nov 25, 2014
Count Plixer log entries
from collections import defaultdict
from operator import itemgetter
import sys
# File name taken from the first command-line argument; evaluated at import
# time, so running without an argument raises IndexError here.
FILENAME = sys.argv[1]
class SimpleCounter(defaultdict):
""" Scrutinizer ships with Python 2.6 and doesn't have the Counter object
from collections. This is a simple version of it.
import hashlib
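def hash(s, a='md5'):
    """Return the hex digest of *s* using the hashlib constructor named *a*.

    Args:
        s: Data to hash. Bytes are hashed as-is; text is encoded as UTF-8
            first, because hashlib constructors only accept bytes.
        a: Name of a hashlib constructor such as 'md5', 'sha1' or 'sha256'.

    Returns:
        The digest as a hexadecimal string.

    Raises:
        AttributeError: if hashlib has no attribute named *a*.
        TypeError: if *s* is neither text nor bytes-like.

    Note:
        The default, MD5, is not collision-resistant. It is fine for
        de-duplication or change detection, but pass a='sha256' (or stronger)
        when the digest is meant to detect deliberate tampering.
        This function also shadows the built-in hash() in any module that
        imports it by name.
    """
    # type(u'') is the text type on both Python 2 (unicode) and Python 3 (str),
    # so byte strings pass through untouched on either interpreter.
    if isinstance(s, type(u'')):
        s = s.encode('utf-8')
    # NOTE(review): getattr resolves any hashlib attribute, not only digest
    # constructors; callers should pass a fixed, known algorithm name here.
    digest_factory = getattr(hashlib, a)
    return digest_factory(s).hexdigest()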
def fhash(fn,a='md5'):
""" Hash a file as a string. Not memory considerate. """
with open(fn) as f:
from collections import namedtuple
def d2n(name,d):
    """Build a namedtuple type called *name* from *d* and return one instance.

    The dict's keys become the field names and its values the field values,
    in the dict's own iteration order.
    """
    record_type = namedtuple(name, d.keys())
    # _make fills the fields positionally from an iterable, which matches
    # unpacking the values into the constructor.
    return record_type._make(d.values())
from collections import Counter
from csv import DictReader
import gzip
from pprint import pprint
from sys import argv
# Column names in positional order; presumably handed to csv.DictReader as
# the header for files that carry none - confirm against ingest().
# NOTE(review): the list resembles the Bro/Zeek dns.log schema, in which
# 'answers' and 'TTLs' are two separate columns. If that is the input format,
# the single name 'answersTTLs' leaves the list one column short and shifts
# 'rejected' onto the TTLs column - verify against a real log header.
FIELDNAMES = ['ts', 'uid', 'id.orig_h', 'id.orig_p', 'id.resp_h', 'id.resp_p', 'proto', 'trans_id', 'query', 'qclass', 'qclass_name', 'qtype', 'qtype_name', 'rcode', 'rcode_name', 'AA', 'TC', 'RD', 'RA', 'Z', 'answersTTLs', 'rejected']
def ingest(files, delim='\t', qchar='"'):
from collections import Counter,defaultdict
import re
import sys
Counterpart to this blog post:
Summarize counts of typical Cisco syslog messages. Most syslog servers produce lines that look something like this:
import requests
import json
from getpass import getpass
A more friendly, bug-fixed version of the Python sample included with
Solarwinds SDK v1.8
Make sure to set a valid nodeID in line 50 before using!