Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- "This is Cindy, it is my new goatfriend"
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With things winding down during the last days of 2014, I found myself a bit bored and as I was digging through the software to do some analysis and debugging, I found this Easter egg inside the splunk Splunk Universal Forwarder binary (6.2.1 build 245427) on AIX:
"This is Cindy, it is my new goatfriend!"
Anyway, not very relevant, but I thought it was funny and I'd like to share it. Background info is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This message is part of an assertion in the Splunk CLI, and thus should never be hit/visible outside of "strings" and friends.
Why is it there? Every good assertion should have a specific message associated with it, and "foo37" would be pretty boring... So it looks like at 01:37:29 on 2012/02/11, one of our Russian engineers decided to poke a little fun at our assortment of Albanian engineers. This is Splunk, so naturally, this is all factual. 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This message is part of an assertion in the Splunk CLI, and thus should never be hit/visible outside of "strings" and friends.
Why is it there? Every good assertion should have a specific message associated with it, and "foo37" would be pretty boring... So it looks like at 01:37:29 on 2012/02/11, one of our Russian engineers decided to poke a little fun at our assortment of Albanian engineers. This is Splunk, so naturally, this is all factual. 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not really an easter egg, but fun as well 🙂
|gentimes increment=7d start=-366|eval m=strftime(starttime,"%B")
|stats values(m) as m | map search="|gentimes start=-1
|eval j=\"751821021021381DDD431621DDD541641821031\"
|fields j|rex field=j max_match=0 (?<j>.)|mvexpand j|eval j=tonumber(j,16)
|stats list(j) as j|eval j=mvjoin(j,\",\")|rex max_match=0 field=j \"(?<j>\d+,\d+,\d+),*\"
|mvexpand j|eval m=$m$|makemv m"|rex field=j "(?<x>\d+),(?<y>\d+),(?<z>\d+)"
|eval s=substr(mvindex(m,x),y,z)|eval s=if(len(s)>0,s," ")
|rex mode=sed field=s "s/i/k/"|stats list(s) as s|eval s=mvjoin(s,"")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seasons update 🙂
|gentimes increment=7d start=-366|eval m=strftime(starttime,"%B") | dedup m
|stats values(m) as m| map search="|gentimes start=-1
|eval j=\"251241031031381000742731041152711011151\"
|fields j|rex field=j max_match=0 (?<j>.)|mvexpand j|eval j=tonumber(j,16)
|stats list(j) as j|eval j=mvjoin(j,\",\")|rex max_match=0 field=j \"(?<j>\d+,\d+,\d+),*\"
|mvexpand j|eval m=$m$|makemv m"|rex field=j "(?<x>\d+),(?<y>\d+),(?<z>\d+)"
|eval s=substr(mvindex(m,x),y,z)|eval s=if(len(s)>0,s," ")|eval s=lower(s)
|stats list(s) as s|eval "MuS whishes a"=mvjoin(s,"")|fields - s
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No "w" in any month names
🙂
Nice query anyway
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nice... lol
Tech Talk Recap | Mastering Threat Hunting
Observability for AI Applications: Troubleshooting Latency
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
