Converting Simplified Extended ISO8601 In Splunk

Wonder how to use the ISO8601 format in Splunk? Simplified extended ISO8601 is for example used in Javascript’s toISOString function. It’s a great way (readable and to timezone agnostic) to exchange timestamps between Splunk and Splunk Apps. Here’s how it’s done:

March 23, 2022 · 1 min · Marcus Schiesser

Using Any Html Page As Login Page In Splunk

The configuration options in Splunk to customize the login page are not sufficient? You want to use an arbitrary HTML page? This static login page can be used to customize the login experience for Splunk (Tested with Enterprise 8.2.3): To activate it, you have to copy this file to $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/login.html (it will be served by Splunk Web as a static file) and add the following entry to the settings stanza in the web....

February 23, 2022 · 1 min · Marcus Schiesser

Using username or token authentication in Splunk from Python

For either using username or token authentication in Splunk, I wrote a small wrapper for the connect function. The advantage compared to the existing connect function is that you can use the same line of code for both authentication methods depending on the parameters that you pass (here shown by using ENV variables):

February 10, 2022 · 1 min · Marcus Schiesser

Latest 2022 EKS Cluster with Load Balancing Controller and External DNS

Need a terraform script to setup the latest 2022 EKS cluster including the best goodies like Helm, AWS Load Balancer Controller and External DNS? Then please have a look at my GitHub repository eks-cluster-with-lb-controller. The advantage of its configuration is that for the lifecycle of application specific resources (DNS entries, load balancers, target groups), Terraform is not needed. Kubernetes ingress resources with specific annotations are sufficient and can be checked into each application’s repository to fulfill IaC requirements....

February 7, 2022 · 1 min · Marcus Schiesser

Switching to an IAM role that requires MFA in AWS

IAM roles are a great way to increase security in AWS. A user can switch to a specific role and get a new set of permissions. The Switching to an IAM role article explains how to do this for the AWS CLI, but unfortunately leaves out how to switch to a role that requires MFA. The trick is to add a mfa_serial parameter to the profile in the ~/.aws/config file, e....

December 30, 2021 · 1 min · admin