Script to automate uploading diags to box.com

jgarland_gap
Engager

I wrote a script that will create a diag and upload it to a folder on box.com. I have a copy of this script in my NFS home and I use another script to trigger it remotely on all of my servers whenever Splunk requests a diag. Then you can log in to box.com and grab the share link and put it in the case notes. In the future, I might re-write it in ruby, and have it automatically generate the share link.

Here is the script:

#!/bin/bash

#Enter your box.com credentials here
user="email_address_goes@here.com"
password="password_goes_here"


date="$(/bin/date '+%F')"
folder="/Splunk/${date}/"
hostname=$(hostname)
diag_file=""

get_diag () {
    echo "${hostname}: Creating diag."
    #The three-argument match() below requires GNU awk (gawk).
    diag_file=$(/usr/bin/sudo /opt/splunk/bin/splunk diag | awk '/Splunk diagnosis file created:/{ match($0, /Splunk diagnosis file created: (.+)$/,a); print a[1]; }')

    #Quoted so the test is still well-formed when ${diag_file} is empty or contains spaces.
    if [ -z "${diag_file}" ]; then
        echo "${hostname}: Failed to create diag. Exiting."
        exit 1
    else
        echo "${hostname}: Created ${diag_file}"
        return 0
    fi
}

install_package () {
    package=$1
    #Check to see if ${package} is installed.
    /usr/bin/sudo /usr/bin/yum list installed "${package}" >>/dev/null
    if [ $? -ge 1 ]; then
        echo "${hostname}: ${package} package not Installed. Installing via yum."
        echo
        /usr/bin/sudo /usr/bin/yum -y install "${package}"
        if [ $? -ge 1 ]; then echo "${hostname}: Unable to install ${package}" ; exit 1 ; fi
    fi
}

upload_diag () {

    diag_basename=$(/bin/basename "${diag_file}")

    #Create folder
    /usr/bin/sudo /usr/bin/curl \
        -u "${user}:${password}" \
        -o /dev/null \
        -X MKCOL \
        "https://dav.box.com/dav/${folder}"

    #Upload diag
    #--fail makes curl exit non-zero on an HTTP error (e.g. 401), so a rejected
    #upload is not reported as complete and the local diag is not deleted.
    /usr/bin/sudo /usr/bin/curl \
        --fail \
        -u "${user}:${password}" \
        -o /dev/null \
        -# \
        -T "${diag_file}" \
        "https://dav.box.com/dav/${folder}/${diag_basename}"

    if [ $? -eq 0 ]; then
        echo "${hostname}: Diag upload complete."
        echo "${hostname}: Deleting ${diag_file}"
        /usr/bin/sudo rm -- "${diag_file}"
        exit 0
    else
        echo "${hostname}: Diag upload failed. Exiting."
        exit 1
    fi

}

#Make sure curl is installed. We need it to upload the diag file to box.com
install_package curl

#Create the diag file and store the filename in ${diag_file}
get_diag

#Upload ${diag_file} with curl
upload_diag
0 Karma
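
The script above stores the box.com password in the script file and passes it with -u, so it sits in a shared NFS home and can show up in curl's argument list. The following is an added example, not part of the original post, that reads the credentials from a locked-down file and hands them to curl as a config on stdin; the CRED_FILE path, its two-line layout and the function names are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post). Assumed: CRED_FILE path and its
# two-line layout (line 1 = box.com user, line 2 = password).
CRED_FILE="${CRED_FILE:-/etc/splunk-diag/box.cred}"

# Accept only a regular, non-symlink file that group and others cannot access.
cred_file_ok () {
    local f="$1" mode
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1    # GNU stat: octal mode, e.g. 600
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print a curl config for stdin use. Backslashes and double quotes in the
# credentials are escaped, as curl's quoted config values require.
curl_config () {
    local f="$1" user password escaped
    if ! cred_file_ok "$f"; then
        echo "refusing ${f}: need a regular file with mode 600 or 400" >&2
        return 1
    fi
    {
        IFS= read -r user || return 1
        IFS= read -r password || [ -n "$password" ] || return 1
    } < "$f"
    escaped=$(printf '%s' "${user}:${password}" | sed 's/[\\"]/\\&/g')
    printf 'user = "%s"\n' "$escaped"
    printf '%s\n' 'fail' 'silent' 'show-error'
}

# Upload one file; the password travels over a pipe, never in curl's argv.
# The caller needs read access to the diag file (the original script used sudo).
upload_with_config () {
    local file="$1" url="$2" cfg
    cfg=$(curl_config "$CRED_FILE") || return 1
    printf '%s\n' "$cfg" | /usr/bin/curl --config - -T "$file" "$url"
}
```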
ppablo
Retired

Hi @jgarland_gap

Did you post this to share with the rest of the Splunk community? If yes, then thanks for being helpful!

Can you actually post the script as an answer in the "Enter your answer here..." box below, then accept the answer? This will resolve the post and make it easier for other users to find in search results. I'll upvote it once you do 🙂

Patrick

0 Karma