renamed to sp and added a compose file for running on a vm using a bridged adapter

Author: jay-johnson

README.rst

@@ -81,22 +81,22 @@ Please wait a few while the container is getting ready. You may see output like
 Get Splunk Logs from the Command Line Tool
 ------------------------------------------
 
-Use the command line tool: **spy** to search for recent logs.
+Use the command line tool: **sp** to search for recent logs.
 
 ::
 
-    spy
+    sp
 
 Which will log something like:
 
 ::
 
-    spy - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
-    spy - INFO - connecting trex@localhost:8089
-    spy - INFO - No matches for search={
+    sp - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
+    sp - INFO - connecting trex@localhost:8089
+    sp - INFO - No matches for search={
         "search": "search index=\"antinex\" | head 10"
     }
-    spy - INFO - done
+    sp - INFO - done
 
 Write Splunk Logs
 -----------------
@@ -115,13 +115,13 @@ By default the container creates an **antinex** index with a user token for the
 Get the Test Splunk Logs using the Command Line Tool
 ----------------------------------------------------
 
-The command line tool called ``spy`` is included with the pip on install. When you run it, it will return the most recent logs from the index (``antinex`` by default) and print them to stdout.
+The command line tool called ``sp`` is included with the pip on install. When you run it, it will return the most recent logs from the index (``antinex`` by default) and print them to stdout.
 
 ::
 
-    spy - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
-    spy - INFO - connecting trex@localhost:8089
-    spy - ERROR - {
+    sp - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
+    sp - INFO - connecting trex@localhost:8089
+    sp - ERROR - {
         "asctime": "2018-06-21 16:53:25,509",
         "custom_key": "custom value",
         "exc": null,
@@ -135,7 +135,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5090911
     }
-    spy - CRITICAL - {
+    sp - CRITICAL - {
         "asctime": "2018-06-21 16:53:25,508",
         "custom_key": "custom value",
         "exc": null,
@@ -149,7 +149,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5082061
     }
-    spy - ERROR - {
+    sp - ERROR - {
         "asctime": "2018-06-21 16:53:25,507",
         "custom_key": "custom value",
         "exc": null,
@@ -163,7 +163,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5078382
     }
-    spy - INFO - {
+    sp - INFO - {
         "asctime": "2018-06-21 16:53:25,507",
         "custom_key": "custom value",
         "exc": null,
@@ -177,7 +177,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5072436
     }
-    spy - INFO - done
+    sp - INFO - done
 
 Logging to Splunk from a Python Shell
 -------------------------------------
@@ -425,7 +425,7 @@ Please refer to the command line tool's updated usage prompt for help searching
 
 ::
 
-    usage: spy [-h] [-u USER] [-p PASSWORD] [-f DATAFILE] [-i INDEX_NAME]
+    usage: sp [-h] [-u USER] [-p PASSWORD] [-f DATAFILE] [-i INDEX_NAME]
            [-a ADDRESS] [-e EARLIEST_TIME_MINUTES] [-l LATEST_TIME_MINUTES]
            [-v VERIFY] [-s]
 
@@ -445,6 +445,12 @@ Please refer to the command line tool's updated usage prompt for help searching
     -v VERIFY             verify certs - disabled by default
     -s                    silent
 
+For trying the host-only compose file, you may see errors like:
+
+```unable to resolve host splunkenterprise```
+
+Please add ```splunkenterprise``` to the end of the line for ```127.0.0.1``` in your ```/etc/hosts```
+
 Cleanup
 -------
 

docs/source/index.rst

@@ -86,22 +86,22 @@ Please wait a few while the container is getting ready. You may see output like
 Get Splunk Logs from the Command Line Tool
 ------------------------------------------
 
-Use the command line tool: **spy** to search for recent logs.
+Use the command line tool: **sp** to search for recent logs.
 
 ::
 
-    spy
+    sp
 
 Which will log something like:
 
 ::
 
-    spy - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
-    spy - INFO - connecting trex@localhost:8089
-    spy - INFO - No matches for search={
+    sp - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
+    sp - INFO - connecting trex@localhost:8089
+    sp - INFO - No matches for search={
         "search": "search index=\"antinex\" | head 10"
     }
-    spy - INFO - done
+    sp - INFO - done
 
 Write Splunk Logs
 -----------------
@@ -120,13 +120,13 @@ By default the container creates an **antinex** index with a user token for the
 Get the Test Splunk Logs using the Command Line Tool
 ----------------------------------------------------
 
-The command line tool called ``spy`` is included with the pip on install. When you run it, it will return the most recent logs from the index (``antinex`` by default) and print them to stdout.
+The command line tool called ``sp`` is included with the pip on install. When you run it, it will return the most recent logs from the index (``antinex`` by default) and print them to stdout.
 
 ::
 
-    spy - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
-    spy - INFO - connecting trex@localhost:8089
-    spy - ERROR - {
+    sp - INFO - creating client user=trex address=localhost:8089 login=localhost:8089 
+    sp - INFO - connecting trex@localhost:8089
+    sp - ERROR - {
         "asctime": "2018-06-21 16:53:25,509",
         "custom_key": "custom value",
         "exc": null,
@@ -140,7 +140,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5090911
     }
-    spy - CRITICAL - {
+    sp - CRITICAL - {
         "asctime": "2018-06-21 16:53:25,508",
         "custom_key": "custom value",
         "exc": null,
@@ -154,7 +154,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5082061
     }
-    spy - ERROR - {
+    sp - ERROR - {
         "asctime": "2018-06-21 16:53:25,507",
         "custom_key": "custom value",
         "exc": null,
@@ -168,7 +168,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5078382
     }
-    spy - INFO - {
+    sp - INFO - {
         "asctime": "2018-06-21 16:53:25,507",
         "custom_key": "custom value",
         "exc": null,
@@ -182,7 +182,7 @@ The command line tool called ``spy`` is included with the pip on install. When y
         "tags": [],
         "timestamp": 1529625205.5072436
     }
-    spy - INFO - done
+    sp - INFO - done
 
 Logging to Splunk from a Python Shell
 -------------------------------------
@@ -430,7 +430,7 @@ Please refer to the command line tool's updated usage prompt for help searching
 
 ::
 
-    usage: spy [-h] [-u USER] [-p PASSWORD] [-f DATAFILE] [-i INDEX_NAME]
+    usage: sp [-h] [-u USER] [-p PASSWORD] [-f DATAFILE] [-i INDEX_NAME]
            [-a ADDRESS] [-e EARLIEST_TIME_MINUTES] [-l LATEST_TIME_MINUTES]
            [-v VERIFY] [-s]
 

docs/source/scripts.rst

@@ -4,7 +4,7 @@ Examples and Scripts
 Search Splunk with a Dictionary
 ===============================
 
-The command line client ``spy`` is actually a copy of the ``search_splunk.py`` script. Note, this will likely change in the future, but for now this makes the docs easy to host on RTD.
+The command line client ``sp`` is actually a copy of the ``search_splunk.py`` script. Note, this will likely change in the future, but for now this makes the docs easy to host on RTD.
 
 .. automodule:: spylunking.scripts.search_splunk
    :members: run_main

host-network-compose.yml

@@ -0,0 +1,101 @@
+version: '3'
+
+services:
+  splunkenterprise:
+
+    hostname: splunkenterprise
+    container_name: "splunk"
+    image: splunk/splunk:7.0.3
+    environment:
+      SPLUNK_START_ARGS: --accept-license --answer-yes
+      SPLUNK_ENABLE_LISTEN: 9997
+      SPLUNK_ADD: tcp 1514
+    network_mode: "host"
+    entrypoint: "/bin/sh -c '/bin/echo \"starting entrypoint\" 
+                 && cd /opt/splunk 
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\" > /opt/splunk/service.log 
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\" > /opt/splunk/boot.log 
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\"
+                 && touch ./etc/.ui_login 
+                 && /bin/echo \"building splunk starter\" >> /opt/splunk/boot.log 
+                 && /bin/echo \"#!/bin/bash\" >> /opt/start-all.sh
+                 && /bin/echo \"/usr/bin/nohup /bin/bash /sbin/entrypoint.sh start-service >> /opt/splunk/service.log \" >> /opt/start-all.sh
+                 && /bin/chmod 777 /opt/start-all.sh
+                 && /bin/cat /opt/start-all.sh >> /opt/splunk/boot.log
+                 && /bin/echo \"running splunk starter\" >> /opt/splunk/boot.log
+                 && /usr/bin/nohup /opt/start-all.sh & >> /opt/splunk/boot.log
+                 && /bin/echo \"sleeping for startup\" >> /opt/splunk/boot.log
+                 && sleep 20
+                 && /bin/echo \"\" >> /opt/splunk/boot.log
+                 && /bin/echo \"loading remote login\" 
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\"
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\" >> /opt/splunk/boot.log
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\" >> /opt/splunk/service.log
+                 && /bin/echo \"installing remote login support\" >> /opt/splunk/boot.log
+                 && sed -i \"/\\[general\\]/aallowRemoteLogin = always\"
+                    /opt/splunk/etc/system/local/server.conf
+                 && /bin/echo \"\" >> /opt/splunk/boot.log
+                 && cat /opt/splunk/etc/system/local/server.conf >> /opt/splunk/boot.log
+                 && /bin/echo \"\" >> /opt/splunk/boot.log
+                 && /bin/echo \"\" >> /opt/splunk/service.log
+                 && /bin/echo \"\"
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\" >> /opt/splunk/boot.log
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\" >> /opt/splunk/service.log
+                 && /bin/echo \"creating user\" >> /opt/splunk/boot.log
+                 && /bin/echo \"creating user\"
+                 && ./bin/splunk add user trex -password 123321 -role admin -auth admin:changeme
+                 && /bin/echo \"creating index antinex\" >> /opt/splunk/boot.log
+                 && /bin/echo \"creating index antinex\" >> /opt/splunk/service.log
+                 && ./bin/splunk add index antinex -auth \"trex:123321\" >> /opt/splunk/boot.log
+                 && /bin/echo \"enabling HEC in Global Settings\" >> /opt/splunk/boot.log
+                 && /bin/echo \"enabling HEC in Global Settings\" >> /opt/splunk/service.log
+                 && ./bin/splunk http-event-collector enable -uri https://localhost:8089 -auth \"trex:123321\" >> /opt/splunk/boot.log
+                 && /bin/echo \"creating token\" >> /opt/splunk/boot.log
+                 && ./bin/splunk 
+                    http-event-collector create 
+                    antinex-token \"antinex-token\" 
+                    -index antinex 
+                    -sourcetype json
+                    -uri \"https://localhost:8089\" 
+                    -auth \"trex:123321\" 
+                 && /bin/echo \"enabling Token for HEC access\" >> /opt/splunk/boot.log
+                 && /bin/echo \"enabling Token for HEC access\" >> /opt/splunk/service.log
+                 && ./bin/splunk 
+                    http-event-collector enable 
+                    -uri https://localhost:8089 
+                    -name antinex-token
+                    -auth \"trex:123321\" >> /opt/splunk/boot.log
+                 && /bin/echo \"\"
+                 && /bin/echo \"restarting splunk\" >> /opt/splunk/boot.log
+                 && /bin/echo \"restarting splunk\" >> /opt/splunk/service.log
+                 && ./bin/splunk restart >> /opt/splunk/service.log
+                 && /bin/echo \"done restarting splunk\" >> /opt/splunk/boot.log
+                 && /bin/echo \"done restarting splunk\" >> /opt/splunk/service.log
+                 && /bin/echo \"\" >> /opt/splunk/boot.log
+                 && /bin/echo \"\" >> /opt/splunk/service.log
+                 && /bin/echo \"Boot completed.\"
+                 && /bin/echo \"Boot completed.\" >> /opt/splunk/boot.log
+                 && /bin/date -u +\"%Y-%m-%d %H:%M:%S\" 
+                 && /bin/echo \"\"
+                 && /bin/echo \"Debugging tools:\"
+                 && /bin/echo \"\"
+                 && /bin/echo \"Tail the boot log:\"
+                 && /bin/echo \"docker exec -it splunk /usr/bin/tail -f /opt/splunk/boot.log\"
+                 && /bin/echo \"Tail the startup log:\"
+                 && /bin/echo \"docker exec -it splunk /usr/bin/tail -f /opt/splunk/service.log\"
+                 && /bin/echo \"\"
+                 && /bin/echo \"Pull the boot log:\"
+                 && /bin/echo \"./logs.sh b\"
+                 && /bin/echo \"Pull the startup log:\"
+                 && /bin/echo \"./logs.sh s\"
+                 && /bin/echo \"Pull the docker log:\"
+                 && /bin/echo \"./logs.sh d\"
+                 && /bin/echo \"Tail the docker log:\"
+                 && /bin/echo \"./logs.sh\"
+                 && tail -f /opt/splunk/service.log'"
+    ports:
+      - "8000:8000"
+      - "9997:9997"
+      - "8089:8089"
+      - "8088:8088"
+      - "1514:1514"

setup.py

@@ -63,7 +63,7 @@ def run_tests(self):
 setup(
     name='spylunking',
     cmdclass={'test': PyTest},
-    version='1.0.8',
+    version='1.0.9',
     description=(
         'Splunk-ready python logging integration, Docker demos and tools'),
     long_description=(
@@ -88,7 +88,7 @@ def run_tests(self):
         './spylunking/scripts/show_service_token.py',
         './spylunking/scripts/search_splunk.py',
         './spylunking/scripts/test_logging.py',
-        './spylunking/scripts/spy'
+        './spylunking/scripts/sp'
     ],
     use_2to3=True,
     classifiers=[

spylunking/scripts/spy spylunking/scripts/sp

@@ -17,7 +17,7 @@ from spylunking.ppj import ppj
 
 
 log = build_colorized_logger(
-    name='spy',
+    name='sp',
     handler_name='simple')
 # additional optional args:
 #