
Marcus Schiesser marcusschiesser

@marcusschiesser
marcusschiesser / DashboardApiContext.jsx
Created November 29, 2021 11:01
How to use the Dashboard API from a Splunk visualization (e.g. to reload the datasource)
import React, { useState } from 'react';
import PropTypes from 'prop-types';
const DashboardApiContext = React.createContext();
const DashboardApiProvider = ({ children }) => {
  const [api, setApi] = useState();
  return (
    <DashboardApiContext.Provider
      value={{
@marcusschiesser
marcusschiesser / port_scan.py
Created November 30, 2021 08:47
Test ports for different machines
import socket
machines = ['mickey','mouse']
ports = [8000, 8089, 8088]
# scans ports on the given machines and ports
def scan_ports(machines, ports):
    for machine in machines:
        for port in ports:
@marcusschiesser
marcusschiesser / mapper.js
Created December 9, 2021 10:29
JavaScript type mapper - transforms properties of an object according to a type definition from string to float, int or boolean
export function mapTypes(map) {
  return (obj) => {
    const newObj = {};
    // eslint-disable-next-line no-restricted-syntax
    for (const key in obj) {
      if (Object.hasOwnProperty.call(obj, key)) {
        let value = obj[key];
        const type = map[key];
        switch (type) {
          case 'float':
@marcusschiesser
marcusschiesser / splunk_enforce_arrays.py
Created December 20, 2021 10:52
Enforce that Splunk is returning arrays for multivalues (even if there's only one value)
import os
import splunklib.client as client
import splunklib.results as results
service = client.connect(
    host=os.getenv('SPLUNK_HOST'),
    port=os.getenv('SPLUNK_PORT'),
    token=os.getenv('SPLUNK_TOKEN')
)
@marcusschiesser
marcusschiesser / splunkapp-post.js
Created December 21, 2021 10:54
POST request from a Splunk app using the @splunk/splunk-utils package
import * as config from '@splunk/splunk-utils/config';
import { createRESTURL } from '@splunk/splunk-utils/url';
import { handleError, handleResponse } from '@splunk/splunk-utils/fetch';
...
const url = createRESTURL(
  'storage/collections/data/mycollection/key',
  { app: config.app, sharing: 'app' }
);
@marcusschiesser
marcusschiesser / restmap.conf
Created December 21, 2021 11:11
Using URL path parameters with Custom REST endpoints in Splunk
[script:url_path]
match = /api/v1/url_path
script = url_path_handler.py
scripttype = persist
handler = url_path_handler.UrlPathHandler
requireAuthentication = true
output_modes = json
passPayload = false
@marcusschiesser
marcusschiesser / usage.py
Last active February 10, 2022 03:43
Using username or token authentication in Splunk from Python
import os

from utils import connect

# connect with token auth if SPLUNK_TOKEN is set, otherwise username/password
service = connect(
    app=os.getenv('SPLUNK_APP'),
    host=os.getenv('SPLUNK_HOST'),
    port=os.getenv('SPLUNK_PORT', 8089),
    token=os.getenv('SPLUNK_TOKEN'),
    username=os.getenv('SPLUNK_USERNAME'),
    password=os.getenv('SPLUNK_PASSWORD')
)
@marcusschiesser
marcusschiesser / index.html
Last active February 25, 2022 03:53
Custom Login Page in Splunk
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form method="post" id="loginForm">
  <div>
    <input type="text" name="username" placeholder="Username" />
@marcusschiesser
marcusschiesser / commands.conf
Created March 27, 2022 03:36
Splunk command that runs a search for each event by passing the event's values as parameters
[mapsearch]
chunked = true
filename = map_search.py
python.version = python3
@marcusschiesser
marcusschiesser / upper-body.md
Created April 13, 2022 13:53
Fitmark exercises