Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
AFS
/
infrastructure-notes
2
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: b9c6d3b6da
Gałęzie Tagi
infrastructure-...
/
MDR Splunk NGA Data Pull Request.txt

MDR Splunk NGA Data Pull Request.txt 2.5 KB
Historia Czysty

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. stand up a new "search head" that just has splunk installed on it, no need to configure the splunk instance. the splunk instance will query the actual search head and pull the data out. See hurricane labs python script. 
    2. 

  2. 

  3. https://jira.mdr.defpoint.com/browse/MSOCI-1013
    4. 

  4. 

  5. vpc-05e0cf38982e048db
    6. 

  6. 

  7. subnet-0a2384bce743cf303
    8. 

  8. 

  9. MSOC_RedHat_Minion_201807250350 (ami-01c2c25dc719d3546) USED CENTOS 7 AWS AMI 
    10. 

  10. 

  11. m4.large
    12. 

  12. 

  13. generated SSH key pair bradp.pem
    14. 

  14.  
    15. 

  15. nga-splunk-searches
    16. 

  16. 

  17. username is centos
    18. 

  18. 

  19. delete key pair when done from AWS and the bastion host! bradp
    20. 

  20. 

  21. delete svc-searches from nga splunk SH when done
    22. 

  22. 

  23. delete 1TB EBS volume when done
    24. 

  24. 

  25. 

  26. 

  27. search "index=network sourcetype=qos_syslog CA98C333-F830-0B45-A543-4450CDFDA84A 1571414560 Accept 47048" -output rawdata -maxout 0 -max_time 0 -uri https://10.2.2.122:8089
    28. 

  28. 

  29. 

  30. 

  31. start fail
    32. 

  32. 1019_1020export.raw
    33. 

  33. 1018_1019 times:
    34. 

  34. head - 2019-09-15T09:14:59
    35. 

  35. tail - 2019-09-15T09:09:31
    36. 

  36. 

  37. end fail
    38. 

  38. 1091_1092export.raw
    39. 

  39. 1093_1094 times:
    40. 

  40. head - 2019-09-14T14:14:59
    41. 

  41. tail - 2019-09-14T14:00:00
    42. 

  42. 

  43. 

  44. i=5000
    45. 

  45. start time 2019-09-15T09:14:59
    46. 

  46. stop time 2019-09-14T14:00:00
    47. 

  47. 

  48. 

  49. start fail
    50. 

  50. 784_785export.raw
    51. 

  51. 783_784 times:
    52. 

  52. head - 2019-09-17T19:59:59
    53. 

  53. tail 2019-09-17T19:46:54
    54. 

  54. 

  55. end fail
    56. 

  56. 857_858export.raw
    57. 

  57. 859_860 times:
    58. 

  58. head  2019-09-17T00:29:59
    59. 

  59. tail 2019-09-17T00:15:00
    60. 

  60. 

  61. i=6000
    62. 

  62. start time 2019-09-17T20:00:00
    63. 

  63. stop time 2019-09-17T00:15:00
    64. 

  64. 

  65. start fail
    66. 

  66. 909_910export.raw
    67. 

  67. 907_908 times:
    68. 

  68. head - 2019-09-16T12:59:59
    69. 

  69. tail - 2019-09-16T12:45:00
    70. 

  70. 

  71. end fail
    72. 

  72. 982_983export.raw
    73. 

  73. 985_986 times:
    74. 

  74. head - 2019-09-15T17:29:59
    75. 

  75. tail - 2019-09-15T17:15:00
    76. 

  76. 

  77. i=7000
    78. 

  78. start time 2019-09-15T17:30:00
    79. 

  79. stop time 2019-09-16T12:45:00
    80. 

  80. 

  81. 

  82. 

  83. 

  84. 

  85. #from my mac
    86. 

  86. aws s3 ls s3://nga-mdr-data-pull
    87. 

  87. aws s3 cp nga-splunk-pull.zip s3://nga-mdr-data-pull
    88. 

  88. aws --profile=mdr-prod s3 presign s3://nga-mdr-data-pull/nga-splunk-pull.zip --expires-in 86400
    89. 

  89. 

  90. aws --profile=mdr-prod s3 presign s3://nga-mdr-data-pull/nga-splunk-pull.zip --expires-in 604800
    91. 

  91. 

  92. https://nga-mdr-data-pull.s3.amazonaws.com/nga-splunk-pull.zip?AWSAccessKeyId=ASIAW6MA4LDMBGUOE7Q6&Signature=6WZ9KdHfH4rj28Ey5hrTib8HcHM%3D&x-amz-security-token=FQoGZXIvYXdzEFIaDCbQsc24x7kkQnhLQSL%2FAV4UBSVowGvhyMyS41rQtbtnmznvrbIu5Y9CCrxJ65RP%2BMeHz7Jkwu8BFEzNeeIT5M6Dfcd1NdFkqXBjE54y6G6HujSSLPk8gp2UqGDKkqMDE3qzrXfHRKaIlMInkACQi6VPpRDjFYGnnILS8vO5gjzqr9HUAsIgfVwpEuVf%2FPBbEcuUH87kZS6FqyQHTBc%2BcPk8KetsX2IuLmpOVAysip3IGgx2duVETNqKH0uXOM%2FUBygyJ7gD3DLoQWqCHQvxG0AfO0vEkRAZxgLKSDm6E2c8d9mJ5I6yXl2xBK7ii5bKWmhWtnPGYrErVFTxhfqeI6SHwzJOsLlNdkAC6nSKRyi1wMztBQ%3D%3D&Expires=1572625186
    93. 

  93. 

  94. 

  95. tail -1 1018_1019export.raw
    96.