Splunk – List REST API users and their IPs

Leave a comment

Want to get a list REST API users and their IPs?

Run this search

index=_internal
host IN(SH1,SH2,SH3)
sourcetype=splunkd_access
user != "-"
clientip != "IP_of_SH1" clientip != "IP_of_SH2" clientip != “IP_of_SH3”
NOT TERM(127.0.0.1)
NOT TERM(splunk-system-user)
| stats values(clientip) by user

The limitation is if the users are going via a Load Balancer, you will see  Load Balancer’s IP as the clientip

Use Glide to create a catalog of books and movies from the Tim Ferris blog

Leave a comment

So I was playing with web scraping a couple of years ago and scraped the list of Books, Movies and other items mentioned in Tim Ferris Blog and Podcast and yesterday I’ve somehow stumbled on the Glide. So I thought to myself, “why not try to use Glide to create a catalog of books and movies from the Tim Ferris blog?”

Continue reading Use Glide to create a catalog of books and movies from the Tim Ferris blog

Notes from SplunkLive! Sydney 2019

Leave a comment

Notes from SplunkLive! Sydney 2019

I’ve had a chance to got SplunkLive! in Sydney this year.

It was freezing (by Sydney standards) 7.6 with winds which felt like -0.2 according to weatherzone app on my phone and my face.

So I wouldn’t have minded if the event turned out to be a total disaster, as long as they would have served coffee and it was warm inside, but it turned out to be quite interesting.

Continue reading Notes from SplunkLive! Sydney 2019

Python – Test Network Connection

Leave a comment

The below will return True/False

import socket

def test_connection(host="8.8.8.8", port=53, timeout=3):
  try:
    socket.setdefaulttimeout(timeout)
    socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect((host, port))
    return True
  except Exception as ex:
    #print ex.message
    return False


destination_host = "mymachine.company"
destination_port = 9997
timeout = 2
test_result = test_connection(destination_host, destination_port, timeout)

Or you can use this version to return the Exception in case connection has failed

import socket

def test_connection(host="8.8.8.8", port=53, timeout=3):
  try:
    socket.setdefaulttimeout(timeout)
    socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect((host, port))
    return True, None
  except Exception as ex:
    #print ex.message
    return False, ex.message


destination_host = "mymachine.company"
destination_port = 9997
timeout = 2
test_result, ex = test_connection(destination_host, destination_port, timeout)

Configure Splunk SSO with Auth0 as your identity provider

I had to work on Splunk SSO Integration and since had never touched SSO/SAML before, I wanted to play with it a little bit on my machine. I’ve decided to use Oath0 as my IdP

This tutorial is based on SAML SSO with Auth0 as Service Provider and as an Identity Provider, but the steps that are relevant to configuring an Auth0 tenant as the Service Provider (SP) are replaced with Splunk Configuration.

Continue reading Configure Splunk SSO with Auth0 as your identity provider

Return user roles in Auth0

1 Comment

I wanted to play with SAML Authentication in Splunk and decided to use Auth0 is my SAML Identity Provider (IdP).
Since i’ve never worked with Auth0 I just followed the SAML SSO with Auth0 as Service Provider and as an Identity Provider tutorial,, which worked well, but when I tried to use Splunk as Service Provider(SP), i.e. SAML service consumer, I noticed that roles are not returned by Auth0 SAML assertion, so I had to find a way to return user roles in Auth0 together with other user’s information.

Continue reading Return user roles in Auth0

Infrequent Smarts by Reshetnikov