By Splunk May 20, 2013
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: docs are better with lens flare, some of the best jokes don’t need linebreaking, the .secret of anonymous bind and puppet:
Splunk Docs> Into Dorkness
Our docs site got a little design rework recently:
<cerby> getting used to the new look.
<jspears> I thought I noticed something different yesterday
<@cgales> some slight adjustments to the doc site styles are coming soon, and repairs to a couple of things that broke (like indented lists, which really messed up the search reference)
<duckfez> cgales: can you add just a little more metallic lens flare? 😀
<^Brian^> blink tags! comic sans! 1990’2!
<^Brian^> 1990’s!
<@cgales> I would love a vintage Spielberg Close Encounters skin…lens flares, lots of blue light…cool
<^Brian^> and organ sounds!
<@cgales> and across the top of the docs it could say “we’re taking over this conversation now!”
<@cgales> But that would be the wrong message. I guess “we are not alone” is more suitable because we loooove our customers
<cerby> lens flare in docs would be awesome.
<cerby> here’s how it should work:
<cerby> lens flare effect gets placed above the most useful comment on each docs page
<cerby> as judged by a panel of splunk docs experts.
<cerby> (while they are drinking)
One-liners (or thereabouts)
There’s a joke in here about multi-line events, but I’ll be damned if I can find it:
* Joins: Splunk (~Adium@rrcs-184-75-97-32.nyc.biz.rr.com)
<duckfez> yo dawg, I heard you like Splunk. So user Splunk joined #splunk to talk about Splunk with people who use Splunk
<automine> every time I see another vendor say “we now support logs from x” I just shake my head and laugh
—
<Baconesqu> Learning to speak management feels like learning one of those african clicking languages… Non-speakers give you *strange* looks when you start speaking it, but it raises your esteem substantially with the native speakers.
<wward> duckfez you are insanely smart
<rayutsw> well he does have a cape.
#splunk has its very own puppetmaster
(or should that be mistress?) lisa’ explains how to outsmart it:
<morgajel> what’s the deal with the “anonymous bind” password when doing ldap auth?
<morgajel> bindDNpassword = $1$ug== <– no password is set, yet that turkey shows up
<duckfez> that is the encrypted version of nothing
<morgajel> ah, but why is it different than the net machine?
<morgajel> bindDNpassword = $1$uQ==
<duckfez> splunk.secret
<morgajel> …
<morgajel> so here’s my concern
<duckfez> each install generates a .secret file
<duckfez> puppet won’t like it
<morgajel> yup
<duckfez> yup, you have discovered one of the PITAs about puppet & splunk together
<duckfez> lisa`: poke
<duckfez> lisa’s puppet-foo is >>> mine
<lisa`> duckfez: you rang?
<duckfez> deployment server, unlike puppet, won’t disturb the file
<morgajel> if I clear the field in the file and restart, it works fine and re-adds the string
<Baconesqu> I have homebrew, and regrets.
<lisa`> what’s the puppet probs?
<duckfez> hi lisa`! trying to help morgajel argue with puppet and splunk files that splunk likes to rewrite to hash passwords
<lisa`> Ahhh
<morgajel> so I could always have puppet push the file with an empty field “bindDNpassword = ” and just not have that file notify splunk when it changes.
<lisa`> this is an easy one
<lisa`> you can do it 2 ways actually
<morgajel> whenever splunk restart, puppet will update with a blank tokena gain
<duckfez> he puppets X, then splunk says “fek you imma change it”, then puppet says “fek you imma change it too”
<Nerf> pain and gain!
<morgajel> duckfez: which is only a hiccup when the forwarder restarts, which should be infrequent
<duckfez> morgajel: one option is to ship splunk.secret via puppet
<lisa`> morgajel: you can use file { “…”: replace => false }
<duckfez> lisa`: many thanks!
<morgajel> thank you for your assistance lisa`
----------------------------------------------------
Thanks!
rachel perkins