Skip to content

Instantly share code, notes, and snippets.

View marcusschiesser's full-sized avatar

Marcus Schiesser marcusschiesser

94 followers · 7 following
View GitHub Profile
@marcusschiesser
marcusschiesser / usage.py
Last active February 10, 2022 03:43
Using username or token authentication in Splunk from Python
from utils import connect
service = connect(
app=os.getenv('SPLUNK_APP'),
host=os.getenv('SPLUNK_HOST'),
port=os.getenv('SPLUNK_PORT', 8089),
token=os.getenv('SPLUNK_TOKEN'),
username=os.getenv('SPLUNK_USERNAME'),
password=os.getenv('SPLUNK_PASSWORD')
)
@marcusschiesser
marcusschiesser / restmap.conf
Created December 21, 2021 11:11
Using URL path parameters with Custom REST endpoints in Splunk
[script:url_path]
match = /api/v1/url_path
script = url_path_handler.py
scripttype = persist
handler = url_path_handler.UrlPathHandler
requireAuthentication = true
output_modes = json
passPayload = false
@marcusschiesser
marcusschiesser / splunkapp-post.js
Created December 21, 2021 10:54
POST request from a Splunk app using the @splunk/splunk-utils package
import * as config from '@splunk/splunk-utils/config';
import { createRESTURL } from '@splunk/splunk-utils/url';
import { handleError, handleResponse } from '@splunk/splunk-utils/fetch';
...
const url = createRESTURL(
'storage/collections/data/mycollection/key',
{ app: config.app, sharing: 'app' }
);
@marcusschiesser
marcusschiesser / splunk_enforce_arrays.py
Created December 20, 2021 10:52
Enforce that splunk is returning arrays for multivalues (even if there's only one value)
import os
import splunklib.client as client
import splunklib.results as results
service = client.connect(
host=os.getenv('SPLUNK_HOST'),
port=os.getenv('SPLUNK_PORT'),
token=os.getenv('SPLUNK_TOKEN')
)
@marcusschiesser
marcusschiesser / mapper.js
Created December 9, 2021 10:29
Javascript type mapper - transforms properties of an object according to a type definition from string to float, int or boolean
export function mapTypes(map) {
return (obj) => {
const newObj = {};
// eslint-disable-next-line no-restricted-syntax
for (const key in obj) {
if (Object.hasOwnProperty.call(obj, key)) {
let value = obj[key];
const type = map[key];
switch (type) {
case 'float':
@marcusschiesser
marcusschiesser / port_scan.py
Created November 30, 2021 08:47
Test ports for different machines
import socket
machines = ['mickey','mouse']
ports = [8000, 8089, 8088]
# scans ports on the given machines and ports
def scan_ports(machines, ports):
for machine in machines:
for port in ports:
@marcusschiesser
marcusschiesser / DashboardApiContext.jsx
Created November 29, 2021 11:01
How to use the Dashboard API from a Splunk visualization (e.g. to reload the datasource)
import React, { useState } from 'react';
import PropTypes from 'prop-types';
const DashboardApiContext = React.createContext();
const DashboardApiProvider = ({ children }) => {
const [api, setApi] = useState();
return (
<DashboardApiContext.Provider
value={{
@marcusschiesser
marcusschiesser / DSTable.jsx
Created November 24, 2021 09:34
How to programmatically connect a search datasource to a Splunk visualization (without using the dashboard)
import React, { useState } from 'react';
import Table from '@splunk/visualizations/Table';
import { SplunkSearch } from '@splunk/datasources';
const DSTable = () => {
const [dsResult, setDsResult] = useState(null);
const ds = new SplunkSearch({
query: '| inputlookup example_kv',
queryParameters: {
@marcusschiesser
marcusschiesser / index.jsx
Created November 23, 2021 10:53
Starter file to run any React app as a Splunk app
import React from 'react';
import ReactDOM from 'react-dom';
import { createStaticURL } from '@splunk/splunk-utils/url';
import $script from 'scriptjs';
function getLayoutApi(callback) {
const url = createStaticURL('build/api/layout.js');
if (window.requirejs) {
@marcusschiesser
marcusschiesser / low-high.md
Created December 28, 2020 12:16