What's the coolest thing you've done with a single function?
You know how as you get better at Cribl Pipelines, you refactor as you learn better ways to do stuff? What's the coolest thing you've figured out how to do? Include a screenshot if you can.
Answers
-
I was able to take a gnarly headerless csv that used insane nested field combinations which determined field name mapping. This was with a code function.
One thing I stumbled upon was custom script collector that Cribl can trigger. my script was doing some fun stuff with just ad hoc data processing on a disk image file leveraging other tools.
Splunk Search collector that creates a table and it writes to a lookup table which is in turn is leveraged in a pipeline. (only works on single node unless you can figure the deploying at scale part).
Ive learned that there are so many ways to do the same thing. There are better ways out there I know exist but I was able to get things working in the methods above.
1 -
nice! Great ideas. I’d love to hear more from others!
0
