Skip to content

Instantly share code, notes, and snippets.

View wardbekker's full-sized avatar

Ward Bekker wardbekker

48 followers · 0 following
View GitHub Profile
@wardbekker
wardbekker / rbac-config.yaml
Created September 2, 2019 13:46
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
@wardbekker
wardbekker / new_metron_dashboard.json
Created October 23, 2017 18:07
[
{
"_id": "Metron-Error-Dashboard",
"_type": "dashboard",
"_source": {
"title": "Metron Error Dashboard",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":5,\"id\":\"Errors-By-Error-Type\",\"panelIndex\":2,\"row\":9,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Error-Source-Proportion\",\"panelIndex\":3,\"row\":9,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Errors-By-Source-Type\",\"panelIndex\":4,\"row\":12,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Error-Type-Proportion\",\"panelIndex\":5,\"row\":12,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":8,\"id\":\"Unique-Error-Messages\",\"panelIndex\":19,\"row\":1,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":3,\"id\":\"Total-Error-Messages\",\"panelIndex\":20,\"row\":1,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Errors-By-Hostname\",\"panelIndex\":22,\"row\":15,\"size_x\
@wardbekker
wardbekker / elasticrestore_all_indices.sh
Created October 23, 2017 17:45
OUTPUT=http://localhost:9200
indices=`cat indices.txt`
for INDEX in $indices
do
echo $INDEX
elasticdump --output=$OUTPUT/$INDEX --input="${INDEX}_mapping.json" --type=mapping
elasticdump --output=$OUTPUT/$INDEX --input="${INDEX}_data.json" --type=data --limit=1000
done
@wardbekker
wardbekker / elasticdump_all_indices.sh
Created October 23, 2017 17:41
Dump all local indices
INPUT=http://localhost:9200
indices=$(curl -s -XGET $INPUT/_cat/indices?h=i)
for INDEX in $indices
do
echo $INDEX
elasticdump --input=$INPUT/$INDEX --output=$ --type=data | gzip > "${INDEX}_data.json.gz"
elasticdump --input=$INPUT/$INDEX --output="${INDEX}_mapping.json" --type=mapping
done
@wardbekker
wardbekker / squid_pattern.grok
Created September 28, 2017 11:01
SQUID_DELIMITED %{NUMBER:timestamp}[^0-9]*%{INT:elapsed} %{IP:ip_src_addr} %{WORD:action}/%{NUMBER:code} %{NUMBER:bytes} %{WORD:method} %{NOTSPACE:url}[^0-9]*(%{IP:ip_dst_addr})?
@wardbekker
wardbekker / basic_squid2_parser_config.json
Last active September 28, 2017 09:59
{
"parserClassName": "org.apache.metron.parsers.GrokParser",
"filterClassName": null,
"sensorTopic": "squid2",
"writerClassName": null,
"errorWriterClassName": null,
"invalidWriterClassName": null,
"readMetadata": false,
"mergeMetadata": false,
"numWorkers": null,
@wardbekker
wardbekker / squid2_enrichment_without_profiler.json
Last active September 27, 2017 16:01
{
"enrichment": {
"fieldMap": {
"hbaseEnrichment": [
"full_hostname"
],
"geo": [
"ip_dst_addr"
]
},
@wardbekker
wardbekker / squid2_parser_sans_profiler.json
Last active September 27, 2017 16:02
{
"parserClassName": "org.apache.metron.parsers.GrokParser",
"filterClassName": null,
"sensorTopic": "squid2",
"writerClassName": null,
"errorWriterClassName": null,
"invalidWriterClassName": null,
"readMetadata": false,
"mergeMetadata": false,
"numWorkers": null,
@wardbekker
wardbekker / squid2.json
Last active September 28, 2017 16:19
enrichments/squid2.json
{
"enrichment": {
"fieldMap": {
"geo": [
"ip_dst_addr"
],
"hbaseEnrichment": [
"full_hostname"
]
},
@wardbekker
wardbekker / squid2.json
Last active September 27, 2017 15:26
Squid parsers config
{
"parserClassName": "org.apache.metron.parsers.GrokParser",
"filterClassName": null,
"sensorTopic": "squid2",
"writerClassName": null,
"errorWriterClassName": null,
"invalidWriterClassName": null,
"readMetadata": false,
"mergeMetadata": false,
"numWorkers": null,