
Benjamin Smith  committed a4ac93f

progress

  • Parent commits 00bc9d9


Files changed (5)

File alerting_example.py

+import time, sys
+from pysp.splunk_examples import SplunkExamples
+
+eg = SplunkExamples()
+
+def create_alert_for_nagios():
+    errors = eg.errors_last_hour(max_count=100)
+
+    while not errors.isDone:
+        continue
+
+    if errors.resultCount == 0:
+        print "No errors in the last hour"
+        erorrs.cancel()
+        sys.exit(0)
+    elif errors.resultCount > 0 and errors.resultCount < 10:
+        print "%d errors in the last hour" % errors.resultCount
+        erorrs.cancel()
+        sys.exit(1)
+    elif errors.resultCount > 10:
+        print "%d+ errors in the last hour" % errors.resultCount
+        erorrs.cancel()
+        sys.exit(2)
+
+if __name__ == '__main__':
+    create_alert_for_nagios()
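Review bot: Each of the three result branches calls `erorrs.cancel()` while the variable is named `errors`, so every path that prints a result dies with a NameError before its `sys.exit`, and the interpreter's exit status of 1 reads to Nagios as WARNING regardless of the real severity. A count of exactly 10 matches no branch (`< 10` and `> 10`) and falls through to a silent exit 0, i.e. an OK state with no output. `while not errors.isDone: continue` spins a core until the search finishes; the same spin-wait is in petit_example.py's `dump_for_petit`, and `time` is already imported in both files, so `time.sleep(1)` as the loop body is enough. The rewrite below also cancels the job once, before branching, so no exit path can skip it.
```python
def create_alert_for_nagios():
    errors = eg.errors_last_hour(max_count=100)

    while not errors.isDone:
        time.sleep(1)  # poll; `time` is already imported

    count = errors.resultCount
    errors.cancel()  # cancel once, before any exit path

    if count == 0:
        print "No errors in the last hour"
        sys.exit(0)
    elif count < 10:
        print "%d errors in the last hour" % count
        sys.exit(1)
    else:
        print "%d+ errors in the last hour" % count
        sys.exit(2)
```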

File petit_example.py

+import time, sys
+from pysp.splunk_examples import SplunkExamples
+
+eg = SplunkExamples()
+
+def dump_for_petit():
+    data = eg.data_last_hour(max_count=100000)
+
+    while not data.isDone:
+        continue
+
+    dump = open('./petit_dump', 'w')
+
+    for index, event in enumerate(data.events):
+        dump.write("%s\n" % event)
+
+    dump.close()
+    data.cancel()
+
+if __name__ == '__main__':
+    dump_for_petit()
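Review bot: `dump_for_petit` opens `./petit_dump` without a context manager and calls `data.cancel()` only on the success path, so an exception while iterating `data.events` leaves the file handle open and the search job running on the Splunk side. Wrapping the write loop in `with open(...)` and the whole thing in `try/finally` for `data.cancel()` closes both gaps. `index` from `enumerate` is never used, so the plain `for event in data.events:` is enough.
```python
    data = eg.data_last_hour(max_count=100000)

    # … unchanged: wait for data.isDone …

    try:
        with open('./petit_dump', 'w') as dump:
            for event in data.events:
                dump.write("%s\n" % event)
    finally:
        data.cancel()  # also runs if the write loop raises
```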

File presentation/index.rst

 .. class:: incremental
 
  - Social Expressions
- - **Large** installation
+ - **Large** installation (>1k machines)
  - LAMPish stack (that's sooo 2002)
  - PyOhio sponsor ;)
 
   - Reporting, lots of reporting!  Managers like reporting.
   - Automation of data reporting!  Sysadmins like automation.
   - Alerting!  Everyone likes stability and visibility.
+  - You really don't even need to touch the UI! (sysadmins <3 the cli)
 
 `All this and more`
 
 A little less talk, a lot more action
 =====================================
 
-I think I've gone over the basics enough, so let us get dirty.
+I think I've gone over the basics enough, so let look at some examples.
 
-`Usage`
+`Basic Usage`
 -----------
 
 `Real time log analysis`
 
   `Show example of real time search`
 
-`Reporting`
-~~~~~~~~~~~
-
-  `Generate report looking for 'test-splunk'`
-
-  `Show example of generating a report`
-
-Usage (cont)..
-=================
-
 `Alerting`
 ----------
 
   `Show example of modifying search results`
 
 
-`Managing Splunk itself`
-------------------------
+`Using petit with all this data!`
+---------------------------------
 
-  `Do adminy like thinks to Splunk, with CODE`
-
-  `Show example of adminy like things`
+  `As we saw yesterday, petit is pretty cool.`
+  `Let's take some of the live data from splunk and run it through petit!`
 
 
 Conclusion

File pysp/generate_logs.py

 import syslog
-import sys, time
+import sys, time, random
 
 syslog.openlog('test-splunk', syslog.LOG_PID, syslog.LOG_LOCAL2)
 
 
     while True:
         try:
-            syslog.syslog('log message')
+            syslog.syslog("%s-%f" % (sys.argv[1], random.random()))
         except KeyboardInterrupt:
             sys.exit()
-        time.sleep(2)
+        time.sleep(1)
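Review bot: The new `syslog.syslog("%s-%f" % (sys.argv[1], random.random()))` indexes `sys.argv[1]` on every iteration with no argument check, so running the script without a tag raises IndexError inside a `try` that only catches KeyboardInterrupt, and the traceback escapes. Read it once before the loop and fail with a usage message, e.g. `if len(sys.argv) < 2: sys.exit("usage: generate_logs.py <tag>")` followed by `tag = sys.argv[1]`, then `syslog.syslog("%s-%f" % (tag, random.random()))` in the loop. The block enclosing the `while True` loop starts outside this hunk; note also that `time.sleep(1)` sits outside the `try`, so a Ctrl-C during the sleep still exits with a traceback rather than through the handler.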

File pysp/splunk_examples.py

     def tail_syslog(self, number=10):
         """Tail the last 'n' events"""
 
-        self.args['max_count'] = number
-
         search_job = splunk_search.dispatch(**self.args)
 
         for index, event in enumerate(search_job.events):
 
         search_job.cancel()
 
-    def report_from_syslog(self):
-        """Create basic report from syslog data"""
+    def errors_last_hour(self, max_count=10):
+        """Get errors in the last hour"""
+        self.args['max_count'] = max_count
         self.args['earliest_time'] = '-1h'
         self.args['latest_time'] = 'now'
+        self.args['search'] = 'search sourcetype="syslog" error'
 
         search_job = splunk_search.dispatch(**self.args)
+        return search_job
 
-        print search_job.events
+    def data_last_hour(self, max_count=10):
+        """Get errors in the last hour"""
+        self.args['max_count'] = max_count
+        self.args['earliest_time'] = '-1h'
+        self.args['latest_time'] = 'now'
+        self.args['search'] = 'search sourcetype="syslog"'
 
-        search_job.cancel()
-
-    def alert_from_syslog(self):
-        """Create alert for nagios from syslog data"""
-        pass
+        search_job = splunk_search.dispatch(**self.args)
+        return search_job
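Review bot: Removing `self.args['max_count'] = number` from `tail_syslog` leaves its `number` parameter unused, so the tail now runs with whatever `max_count` a previous call left in `self.args`, or none; restore that line or pass `max_count=number` in the dispatch call. The two new methods write `search`, `earliest_time`, `latest_time` and `max_count` into the shared `self.args` and never clear them, so if `self.args` is reused across calls on one instance — which these assignments suggest — a later `tail_syslog` inherits the `error` filter and the one-hour window; dispatching from a copy, `splunk_search.dispatch(**dict(self.args, max_count=max_count, earliest_time='-1h', latest_time='now', search=...))`, avoids that. `data_last_hour`'s docstring is copied from `errors_last_hour` and should read `"""Get all syslog events in the last hour"""`. `tail_syslog`'s body is only partly visible in this hunk.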