pmeyerson / demo.py
Last active March 27, 2020 18:50
simple HEC example
#!/usr/bin/python3
import time
import random
import string
import sys
from splunk_http_event_collector import http_event_collector
# splunk_http_event_collector available from https://pypi.org/project/Splunk-HEC/
pmeyerson / responsehandler.py
Last active April 19, 2019 02:54
rest_ta event handlers
class CustomHandler:
# response from API is in format {"result": [{}, {}, {}]} at least for cmdb tables
# credit http://www.georgestarcher.com/splunk-null-thinking/
# Constructor: accepts arbitrary keyword arguments and ignores them; no state is stored on the instance.
def __init__(self,**args):
pass
def __call__(self, response_object, raw_response_output,response_type,req_args,endpoint):
#if response_type == "json":
output = json.loads(raw_response_output)
pmeyerson / search-spl
Created January 30, 2018 22:05
splunk ipam scheduled search
index=ddi sourcetype="infoblox:api:networks"
| dedup network
| rex field=comment "(?<Site>[\s\S^-]*)\s-\s(?<Vlan>[0-9xX]*)\s-\s(?<NetworkDescription>[\s\S]*)"
| rename network as Network
| table Network Site NetworkDescription Vlan
| sort Network num
| outputlookup networks createinapp=true append=false
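# Make sure you enter the correct values for
# auth_password, auth_user, endpoint and index. Set sourcetype and polling interval as you like.
# Examples are below; the password, user and infoblox_ip values shown are placeholders.
# Basic auth sends the credentials with every request, so keep the endpoint on https and use an account limited to read-only API access.
# Intended for use with the REST API modular input add-on, see https://splunkbase.splunk.com/app/1546/
# Consider using Splunk's Add-on Builder app (available on Splunkbase), as app 1546 now requires payment, I believe.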
[rest://infoblox-networks]
auth_password = password
auth_type = basic
auth_user = user
endpoint = https://infoblox_ip/wapi/v2.0/network
pmeyerson / logparse_smtprx.py
Last active November 14, 2017 22:05
parse exchange 2010 smtp receive connector logs into csv format
#!/usr/bin/python
import os
import csv
import sys
# Relative folder names, resolved against the current working directory.
# logdir names the log input folder and outdir the output folder; how they
# are used lies outside this excerpt.
logdir = "exhub_logs/"
outdir = "output/"
# get list of input log files
pmeyerson / amp-export-network-events.py
Last active October 26, 2017 21:14
pull amp event network connectivity data for a specific host and export to csv
#!/usr/bin/python
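# Fill in your apikey, apipwd and the hostname of the machine to get started.
# Once filled in, this file holds live API credentials, so keep that copy out of shared repositories and gists.
# Determine the hostguid from the AMP console. Advanced users could use another API query to retrieve this.
# This script is rough but should get you started.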
import json
import requests
import csv
import datetime
pmeyerson / rpz_grabber.py
Last active January 29, 2018 01:40
download RPZ files from infoblox customer portal. Compute diff from yesterday to splunk!
#!/usr/bin/python
# requires dnspython, courtesy of dnspython.org; install via pip
import glob
import os
import difflib
import datetime
import dns.query
import dns.zone
import dns.tsigkeyring
pmeyerson / import-networks.py
Last active January 27, 2018 18:16
grab infoblox networks via wapi
#!/usr/bin/python
import datetime
import requests
import csv
import json
# Base URL of the Infoblox WAPI to query. API access must be enabled on this host.
url = "https://infobloxhostname-or-ip/wapi/v2.0/"

# Credentials of an API-enabled account, left empty in this listing. A filled-in
# copy of the script holds live secrets, so keep it out of shared repositories.
# NOTE(review): `id` shadows the Python builtin of the same name; the name is kept
# because code outside this excerpt may refer to it.
id = ""
pwd = ""