Splunk Alert Scripts – Automating Control

A big thanks to the members of the @SplunkDev team that were helpful and patient with my questions while I pulled this together. Thanks Guys: @gblock, @damiendallimore and David Noble

In Splunk circles, you often hear about the holy grail of using Splunk to actively control other systems. It can be hard to find details or good examples on HOW to do it. I am always working on something new that deepens my technical skills. I had not previously dealt with REST APIs or Splunk alert scripts, and this post is the result. Used well, this approach can replace manual daily operations tasks, changing Splunk from a tool into a team member.

We will cover a working example of using Splunk alert results to update a Google Spreadsheet via the Drive Python SDK. Once you understand how it works, you can build your own controls for any system that supports REST API calls, such as an Intrusion Prevention System that blocks a list of IP addresses from a scheduled Splunk alert.

We will leverage a Splunk blog post on saving credentials in a Splunk App to avoid leaving our Google credentials hard coded and exposed in the alert script. It turns out alert scripts work in the same way, but it is not well documented. I built a Python class for retrieving those credentials from Splunk so you can re-use the code across many alert scripts. The scripts can all be found in the supporting GitHub repo. You will be able to use these as a framework for your own alert scripts to drive actions in other systems. I will not be stepping through the code itself as it is fairly well commented. There are plenty of moving parts to this, so you need to be an experienced Splunk administrator to get it working. The benefit is that once you get one working you can make new variants with little effort.
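As an added illustration of the credential-retrieval idea above (not the post's own class or the code in its GitHub repo), the following Python sketch shows the two pieces a legacy Splunk alert script needs: reading the session key Splunk hands the script on stdin, and pulling a stored credential from the app's storage/passwords REST endpoint instead of hard coding it. The management URL, app name and realm are assumptions, and the Atom feed is a constructed sample with a fake password.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET

SPLUNKD = "https://localhost:8089"  # assumption: default splunkd management port
ATOM = "{http://www.w3.org/2005/Atom}"
S = "{http://dev.splunk.com/ns/rest}"

def parse_session_key(stdin_text):
    """Legacy alert scripts receive 'sessionKey=<key>' on stdin; extract it."""
    for line in stdin_text.splitlines():
        if line.startswith("sessionKey="):
            return line.split("=", 1)[1].strip()
    raise ValueError("no sessionKey line on stdin")

def parse_credentials(atom_xml, realm):
    """Return {username: clear_password} for entries in `realm` from a
    storage/passwords Atom feed. Only top-level keys of each entry's dict
    are read, so nested eai:acl keys cannot collide with the fields we want."""
    creds = {}
    for entry in ET.fromstring(atom_xml).iter(ATOM + "entry"):
        content = entry.find(ATOM + "content")
        top = content.find(S + "dict") if content is not None else None
        if top is None:
            continue
        fields = {k.get("name"): (k.text or "") for k in top.findall(S + "key")}
        if fields.get("realm") == realm:
            creds[fields["username"]] = fields["clear_password"]
    return creds

def fetch_credentials(session_key, app, realm):
    """Query splunkd with the alert's own session key; no password in the script."""
    url = f"{SPLUNKD}/servicesNS/nobody/{app}/storage/passwords"
    req = urllib.request.Request(url, headers={"Authorization": f"Splunk {session_key}"})
    ctx = ssl.create_default_context()  # splunkd's cert must be trusted by this context
    with urllib.request.urlopen(req, context=ctx) as resp:
        return parse_credentials(resp.read(), realm)

# Constructed sample of what storage/passwords returns; password value is fake.
SAMPLE_FEED = b"""<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <entry><title>google_drive:svc_account:</title><content type="text/xml"><s:dict>
    <s:key name="realm">google_drive</s:key>
    <s:key name="username">svc_account</s:key>
    <s:key name="clear_password">example-secret-not-real</s:key>
  </s:dict></content></entry>
</feed>"""

if __name__ == "__main__":
    print(parse_credentials(SAMPLE_FEED, "google_drive"))
```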


Splunk Bringing in Data – Minecraft the Model Method

I like to take more than traditional IT and security logs into Splunk. You can enhance your production data in creative ways. I am a firm believer that the best way to learn is to practice on something out of the norm. The game Minecraft is a fun source of log data if you find out how to extract the information. I am a bit of a closet Minecraft Let's Play video fan. At the last Splunk user conference the gaming room was set up with a local Minecraft server logging to Splunk. That was the public debut of the Splunk Minecraft App. It was fun to see the live information about what types of resources had been collected, etc.

The Splunk Minecraft App relies on a plugin for a variant build of Minecraft called Bukkit, which makes it easy to run Minecraft with modifications. The problem is that the Log To Splunk plugin has not been updated to keep up with Java versions. Yeah, Minecraft is written in Java. Over the holiday I wanted to play with some Minecraft logs in Splunk v6, so I had to find another solution. After all, it is a good way to practice parsing logs, event typing and tagging. There is an old blog post that predates the Splunk Minecraft App that tells how to use a Minecraft plugin called PlayerLogger to do this. You can find the original post over on Robert Jordan's blog.

Removing Power Line Hum in GarageBand

I had made a video on removing hum in Soundtrack Pro a long time back. Last night I found I had never shared a version I made where I replicated the process in GarageBand for my author friend, Jake Bible. So I tossed the video into FCPX to put a title and introduction on it, then sent it on up to YouTube.


I cover how to remove power line hum (120 Hz) from audio using GarageBand. The technique is useful for removing any constant frequency from your audio. You can find Dead Mech at http://www.jakebible.com/


Compressor 4 – Distributed Processing

I tossed together a video tutorial on using multiple Macs to do distributed processing with Compressor 4.

I found that Compressor 4 cannot talk to Qmaster nodes on older Macs running Compressor 3.5. In the case of my 1st generation Mac mini, it won't install Compressor 4 from the App Store. But I did find I could drag Compressor 4 to my Mac mini manually and run it as a services-only Compressor 4 Qmaster node. Thus I still get to use it for extra processing power in my Compressor 4 cluster.


Repairing Clipped Audio

I walk through how I use Soundtrack Pro with Bias SoundSoap to repair some podcast audio. The audio came in clipped, but not distorted so badly as to be unusable. I originally did it the hard way using Soundtrack Pro's "Clicks and Pops" tool. That took hours. Then I remembered SoundSoap has a feature to remove clicks. We dial down the noise handling part and use just a touch of the click removal, and it works well and quickly.