oh splunk. i love you. but i hate you. i want you to be free, but life is never that nice, is it?
here're some useful things for me and me alone.
remove splunk trial notifications
sure, splunk is free to use with < 500mb/day.
by default it shows a notification at the top of the gui offering a for-pay license. to remove it,
2 lines need to be commented out. change these lines in:
/opt/splunk/lib/python2.5/site-packages/splunk/appserver/oxiclean/SearchService.py:
{{{
# nagware D) if the user is using a free version of the software -- nag them constantly on every page!
if (licenseInfo.find(".//product") != None):
    productVersion = licenseInfo.find(".//product").text
    #logger.debug("this is a %s server" % productVersion )
    if (productVersion == "free"):
        self.setSystemError("nagwareTime", cli_common.getUILiteral("FREE_VERSION_NAGWARE_STRING") )
}}}
to:
{{{
# nagware D) if the user is using a free version of the software -- nag them constantly on every page!
if (licenseInfo.find(".//product") != None):
    productVersion = licenseInfo.find(".//product").text
    #logger.debug("this is a %s server" % productVersion )
    # if (productVersion == "free"):
    #     self.setSystemError("nagwareTime", cli_common.getUILiteral("FREE_VERSION_NAGWARE_STRING") )
}}}
do not get smart and do this:
{{{
# nagware E) if the user is using a free version of the software -- nag them constantly on every page!
#logger.debug("checking for nagware state E")
if (licenseInfo.find(".//type") != None):
    productType = licenseInfo.find(".//type").text
    #logger.debug("this is a %s license" % productType )
    if (productType == "trial"):
        # timeRemainingMessage, licenseState = self.getLicenseTimeRemainingString(licenseInfo)
        # self.setSystemError("nagwareTime", timeRemainingMessage )
}}}
removing splunk update check
when splunk starts it looks for updates. stop that, okay?
change this line in:
/opt/splunk/etc/system/default/web.conf
{{{
updateCheckerBaseURL = http://quickdraw.splunk.com/js/
}}}
to:
{{{
updateCheckerBaseURL = 0
}}}
howto have splunk listen to arbitrary ports
if UDP/TCP 514 are defined in inputs, obviously a daemon running as a non-root user is unable to open these sockets.
to open sockets for these and any other privileged ports... run splunk as root (say it ain't so).
or use iptables and redirect to wherever splunk is listening. gross.
or edit syslog's conf file to plop all traffic somewhere and have splunk snarf it up. logrotate. eh.
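the iptables option, as an added example (not from the original post): it assumes a non-root splunk already has udp and tcp inputs on port 5514, which is a made-up value, and it only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# added example, not from the original post.
# SPLUNK_PORT=5514 is an assumed value; it has to match the [udp://...] and
# [tcp://...] stanzas in splunk's inputs.conf.
SYSLOG_PORT=514
SPLUNK_PORT=${SPLUNK_PORT:-5514}

# true only for a numeric port that a non-root process may bind (1024-65535)
valid_unprivileged_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# print one iptables argument list per line for udp and tcp.
# PREROUTING catches packets from other hosts; locally generated packets
# skip PREROUTING, so OUTPUT on loopback covers senders on this box.
redirect_rules() {
    from=$1
    to=$2
    valid_unprivileged_port "$to" || { echo "bad target port: $to" >&2; return 1; }
    for proto in udp tcp; do
        echo "-t nat -A PREROUTING -p $proto --dport $from -j REDIRECT --to-ports $to"
        echo "-t nat -A OUTPUT -o lo -p $proto --dport $from -j REDIRECT --to-ports $to"
    done
}

# dry run by default: only print the commands. with APPLY=1 (as root) each
# rule is installed unless an identical one already exists (-C checks).
apply_rules() {
    rules=$(redirect_rules "$SYSLOG_PORT" "$SPLUNK_PORT") || return 1
    echo "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            check=$(echo "$rule" | sed 's/ -A / -C /')
            # unquoted on purpose: each rule must split into separate arguments
            iptables $check 2>/dev/null || iptables $rule
        else
            echo "iptables $rule"
        fi
    done
}

apply_rules
```

rules added this way are gone after a reboot unless they are saved with whatever iptables persistence the distro uses.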
Monday, November 17, 2014
splunk revelations and dayquil
i am taking dayquil today and somehow i decided to no longer like splunk's nag screen and to no longer like splunk's check for updates feature.