dreadknot / splunk Goto Github PK

View Code? Open in Web Editor NEW

0.0 0.0 0.0 128 KB

Things I've learned about Splunk

splunk's People

Contributors

splunk's Issues

splunk

Send in data with the cli

root@master:/opt/splunk/bin/scripts# splunk add oneshot status.txt
Your session is invalid.  Please login.
Splunk username: admin
Password:
Oneshot '/opt/splunk/bin/scripts/status.txt' added
root@master:/opt/splunk/bin/scripts# splunk add oneshot status.txt
Oneshot '/opt/splunk/bin/scripts/status.txt' added
root@master:/opt/splunk/bin/scripts# splunk add oneshot status.txt
Oneshot '/opt/splunk/bin/scripts/status.txt' added

with parameters

splunk add oneshot status.txt -index githubstatus -sourcetype githubstatus

Check index

splunkd fsck --mode metadata --all

Test Scripted Inputs

From splunkgit# less How\ to\ test\ scripts.txt
http://apps.splunk.com/app/836/#

This is how you can manually test our scripted inputs.

Prerequisites:

Make sure 'splunk' is in your $PATH.
Make sure you've read and understood our README.md

Test the scripts by opening up a terminal and locating the 'bin' folder of this app, which could be located at:
$SPLUNK_HOME/etc/apps/splunkgit/bin

To test our git repository data type:
splunk cmd ./fetch_git_repo_data.sh

To test the github data type:
splunk cmd python fetch_github_data.py

Apps

Make an app

root@master:/opt/splunk/etc/apps# tar -cvzf githubstatus.tar.gz githubstatus
githubstatus/
githubstatus/local/
githubstatus/local/app.conf
githubstatus/bin/
githubstatus/bin/status.txt
githubstatus/bin/jq
githubstatus/bin/README
githubstatus/bin/githubstatus.sh
githubstatus/metadata/
githubstatus/metadata/default.meta
githubstatus/metadata/local.meta
githubstatus/default/
githubstatus/default/indexes.conf
githubstatus/default/props.conf
githubstatus/default/data/
githubstatus/default/data/ui/
githubstatus/default/data/ui/views/
githubstatus/default/data/ui/views/github_status.xml
githubstatus/default/data/ui/views/README
githubstatus/default/data/ui/nav/
githubstatus/default/data/ui/nav/default.xml
githubstatus/default/app.conf
githubstatus/default/inputs.conf

search

index="sslstatus" | rex "After : (?<expires>.*)" | eval remaining=strptime(expires, "%b %d %H:%M:%S %Y %Z") | eval window=relative_time(remaining,"-120d@d") | where now() > window

index="sslstatus" | rex "After : (?<expires>.*)" | eval remaining=strptime(expires, "%b %d %H:%M:%S %Y %Z") | eval window=relative_time(remaining,"-90d@d") | where now() > window

index="sslstatus" | rex "After : (?<expires>.*)" | eval remaining=strptime(expires, "%b %d %H:%M:%S %Y %Z") | eval window=relative_time(remaining,"-30d@d") | where now() > window

source=*celeryd_main* "succeeded in"  | rex "Task (?<task>[a-z.A-Z]*)"

index=*something* source="/opt/splunk/var/log/splunk/license_usage.log" type=Usage | eval VolKB=round((b/1024),2) | timechart span=1h usenull=false useother=false sum(VolKB) by idx | addtotals |accum Total as TotalVolume |

dreadknot / splunk Goto Github PK

splunk's People

Contributors

splunk's Issues

splunk

Test Scripted Inputs

Apps

search

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent