Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: docs are better with lens flare, some of the best jokes don’t need linebreaking, the .secret of anonymous bind and puppet:
Our docs site got a little design rework recently:
<cerby> getting used to the new look.
<jspears> I thought I noticed something different yesterday
<@cgales> some slight adjustments to the doc site styles are coming soon, and repairs to a couple of things that broke (like indented lists, which really messed up the search reference)
<duckfez> cgales: can you add just a little more metallic lens flare? 😀
<^Brian^> blink tags! comic sans! 1990’2!
<^Brian^> 1990’s!
<@cgales> I would love a vintage Spielberg Close Encounters skin…lens flares, lots of blue light…cool
<^Brian^> and organ sounds!
<@cgales> and across the top of the docs it could say “we’re taking over this conversation now!”
<@cgales> But that would be the wrong message. I guess “we are not alone” is more suitable because we loooove our customers
<cerby> lens flare in docs would be awesome.
<cerby> here’s how it should work:
<cerby> lens flare effect gets placed above the most useful comment on each docs page
<cerby> as judged by a panel of splunk docs experts.
<cerby> (while they are drinking)
There’s a joke in here about multi-line events, but I’ll be damned if I can find it:
* Joins: Splunk (~Adium@rrcs-184-75-97-32.nyc.biz.rr.com)
<duckfez> yo dawg, I heard you like Splunk. So user Splunk joined #splunk to talk about Splunk with people who use Splunk
<automine> every time I see another vendor say “we now support logs from x” I just shake my head and laugh
—
<Baconesqu> Learning to speak management feels like learning one of those african clicking languages… Non-speakers give you *strange* looks when you start speaking it, but it raises your esteem substantially with the native speakers.
<wward> duckfez you are insanely smart
<rayutsw> well he does have a cape.
(or should that be mistress?) lisa’ explains how to outsmart it:
<morgajel> what’s the deal with the “anonymous bind” password when doing ldap auth?
<morgajel> bindDNpassword = $1$ug== <– no password is set, yet that turkey shows up
<duckfez> that is the encrypted version of nothing
<morgajel> ah, but why is it different than the net machine?
<morgajel> bindDNpassword = $1$uQ==
<duckfez> splunk.secret
<morgajel> …
<morgajel> so here’s my concern
<duckfez> each install generates a .secret file
<duckfez> puppet won’t like it
<morgajel> yup
<duckfez> yup, you have discovered one of the PITAs about puppet & splunk together
<duckfez> lisa`: poke
<duckfez> lisa’s puppet-foo is >>> mine
<lisa`> duckfez: you rang?
<duckfez> deployment server, unlike puppet, won’t disturb the file
<morgajel> if I clear the field in the file and restart, it works fine and re-adds the string
<Baconesqu> I have homebrew, and regrets.
<lisa`> what’s the puppet probs?
<duckfez> hi lisa`! trying to help morgajel argue with puppet and splunk files that splunk likes to rewrite to hash passwords
<lisa`> Ahhh
<morgajel> so I could always have puppet push the file with an empty field “bindDNpassword = ” and just not have that file notify splunk when it changes.
<lisa`> this is an easy one
<lisa`> you can do it 2 ways actually
<morgajel> whenever splunk restart, puppet will update with a blank tokena gain
<duckfez> he puppets X, then splunk says “fek you imma change it”, then puppet says “fek you imma change it too”
<Nerf> pain and gain!
<morgajel> duckfez: which is only a hiccup when the forwarder restarts, which should be infrequent
<duckfez> morgajel: one option is to ship splunk.secret via puppet
<lisa`> morgajel: you can use file { “…”: replace => false }
<duckfez> lisa`: many thanks!
<morgajel> thank you for your assistance lisa`
----------------------------------------------------
Thanks!
rachel perkins
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.