MKKoppula / splunkbase


https://www.taylormorrison.com/tx/austin/leander/travisso-60s-siena-collection/floor-plans/larimar #3

Open MKKoppula opened 1 year ago

MKKoppula commented 1 year ago

https://www.taylormorrison.com/tx/austin/leander/travisso-60s-siena-collection/floor-plans/larimar

MKKoppula commented 1 year ago

https://candidatelaunch.onvue.com/?locale=en-US&access_code=411582401&chat=true&session_id=28626179

MKKoppula commented 1 year ago

https://prcommunityed.ce.eleyo.com/search?q=yut2324&redirected_yet=true&s=start_date&sf%5Bmax_age_month%5D=0&sf%5Bmax_age_year%5D=100&sf%5Bmin_age_month%5D=0&sf%5Bmin_age_year%5D=0&sf%5Bq%5D=yut2324&v=list-view

MKKoppula commented 1 year ago

```spl
| makeresults
| eval ip=split("10.13.0.0 10.13.0.255 10.13.63.255 10.13.255.255 10.13.62.255 10.14.63.255", " ")
| mvexpand ip
| eval result=if(cidrmatch("10.13.0.0/18", ip), "match", "no-match")
| eval regexmatch=if(match(ip, "^10\.13\.([0-9]|[1-5][0-9]|6[0-3])\."), "regex match", "no-match")
| eval blacklist="blacklist.0 = 10.13.([0-9]|[1-5][0-9]|6[1-3])."
```
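
As an added check, not code from this thread: the Python below applies cidrmatch semantics (via `ipaddress`) and the regex taken from the `blacklist.0` string above to every address in 10.13.0.0/16 plus the six sample IPs, and reports where the two disagree. A corrected, anchored regex is compared the same way. The names `mismatches`, `all_hosts` and `spl_table` are my own. It shows two things a six-row result table cannot: the `6[1-3]` alternative drops all of 10.13.60.0/24, and an unanchored pattern also fires on 210.13.5.1 because Splunk's `match()` searches anywhere in the string.

```python
import ipaddress
import re

# Added example, not code from the issue thread. It mirrors the SPL above:
# cidrmatch("10.13.0.0/18", ip) on one side, a regex on the other, and
# reports every address where the two disagree.

# Regex taken from the "blacklist.0" string in the comment above (6[1-3] for the third octet).
PAGE_REGEX = r"10\.13\.([0-9]|[1-5][0-9]|6[1-3])\."
# Corrected form: a /18 spans third octets 0..63 (so 6[0-3]), anchored so
# "210.13.5.1" can no longer match in the middle of the string.
FIXED_REGEX = r"^10\.13\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]{1,3}$"

# The six sample addresses from the makeresults/split line above.
PAGE_SAMPLES = "10.13.0.0 10.13.0.255 10.13.63.255 10.13.255.255 10.13.62.255 10.14.63.255".split()


def mismatches(cidr, regex, candidates):
    """Return [(ip, in_cidr, regex_hit)] for every candidate where CIDR and regex disagree.

    re.search is used on purpose: Splunk's match() is unanchored, so an
    unanchored regex can hit anywhere in the string, exactly as in SPL.
    """
    net = ipaddress.ip_network(cidr)
    pat = re.compile(regex)
    out = []
    for ip in candidates:
        in_cidr = ipaddress.ip_address(ip) in net
        regex_hit = pat.search(ip) is not None
        if in_cidr != regex_hit:
            out.append((ip, in_cidr, regex_hit))
    return out


def all_hosts(cidr):
    """Every address in a network as strings (65536 for a /16, which is fine for a check)."""
    return [str(ip) for ip in ipaddress.ip_network(cidr)]


def spl_table(cidr="10.13.0.0/18", regex=FIXED_REGEX, samples=PAGE_SAMPLES):
    """Reproduce the result/regexmatch columns the SPL above produces for the sample IPs."""
    net = ipaddress.ip_network(cidr)
    pat = re.compile(regex)
    return {
        ip: (
            "match" if ipaddress.ip_address(ip) in net else "no-match",
            "regex match" if pat.search(ip) else "no-match",
        )
        for ip in samples
    }


if __name__ == "__main__":
    space = all_hosts("10.13.0.0/16")
    bad = mismatches("10.13.0.0/18", PAGE_REGEX, space)
    print(f"page regex disagrees with cidrmatch on {len(bad)} of {len(space)} addresses")
    print("first few:", bad[:3])
    print("fixed regex disagreements:", len(mismatches("10.13.0.0/18", FIXED_REGEX, space)))
    print("unanchored regex vs 210.13.5.1:", mismatches("10.13.0.0/18", PAGE_REGEX, ["210.13.5.1"]))
    for ip, (cidr_res, regex_res) in spl_table().items():
        print(f"{ip:16} {cidr_res:10} {regex_res}")
```

The exhaustive sweep is the point: a regex that is meant to stand in for a CIDR block should be checked against every address in the enclosing range, not just a handful of boundary values, and it should be anchored so that it cannot match inside a longer address or a different field.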


MKKoppula commented 1 year ago

```bash
#!/bin/bash

# Check if the correct number of arguments is provided
if [ $# -ne 2 ]; then
    echo "Usage: $0 <input_file> <output_file>"
    exit 1
fi

input_file=$1
output_file=$2

# Check if the input file exists
if [ ! -f "$input_file" ]; then
    echo "Input file not found: $input_file"
    exit 1
fi

# Remove the output file if it already exists
if [ -f "$output_file" ]; then
    rm "$output_file"
fi

# Loop through each hostname in the input file and convert it to IP
while read -r hostname; do
    # Skip blank lines so host(1) is not called with an empty name
    [ -z "$hostname" ] && continue
    # Keep only the first A record so every output line stays "hostname,ip"
    ip_address=$(host "$hostname" | awk '/has address/ {print $NF}' | head -n 1)
    if [ -n "$ip_address" ]; then
        echo "$hostname,$ip_address" >> "$output_file"
    else
        echo "Failed to resolve the IP address for the hostname: $hostname"
    fi
done < "$input_file"

echo "Conversion completed. Results written to: $output_file"
```

MKKoppula commented 1 year ago

```
# syslog-ng filter expression: Cisco facility prefixes, checked in both MSGHDR and MSG
   match("%CDP-" value("MSGHDR"))           or match("%CDP-" value("MSG"))
or match("%LINK-" value("MSGHDR"))          or match("%LINK-" value("MSG"))
or match("%C4K_EBM-" value("MSGHDR"))       or match("%C4KEBM-" value("MSG"))
or match("%SFF" value("MSGHDR"))            or match("%SFF" value("MSG"))
or match("%IP-" value("MSGHDR"))            or match("%IP-" value("MSG"))
or match("%SEC-" value("MSGHDR"))           or match("%SEC-" value("MSG"))
or match("%C3800" value("MSGHDR"))          or match("%C3800" value("MSG"))
or match("%ATM" value("MSGHDR"))            or match("%ATM" value("MSG"))
or match("%MV64340" value("MSGHDR"))        or match("%MV64340" value("MSG"))
or match("%EARL" value("MSGHDR"))           or match("%EARL" value("MSG"))
or match("%ILPOWER-" value("MSGHDR"))       or match("%ILPOWER-" value("MSG"))
or match("%PM-" value("MSGHDR"))            or match("%PM-" value("MSG"))
or match("%DIALER-" value("MSGHDR"))        or match("%DIALER-" value("MSG"))
or match("%SSH-" value("MSGHDR"))           or match("%SSH-" value("MSG"))
or match("%FW-" value("MSGHDR"))            or match("%FW-" value("MSG"))
or match("%RCMD-" value("MSGHDR"))          or match("%RCMD-" value("MSG"))
or match("%IP" value("MSGHDR"))             or match("%IP_" value("MSG"))
or match(" cst: " value("MSGHDR"))          or match(" cst: " value("MSG"))
or match("UTC%" value("MSGHDR"))            or match("UTC%" value("MSG"))
or match("-Traceback=" value("MSGHDR"))     or match("-Traceback=" value("MSG"))
or match("%CRYPTO-" value("MSGHDR"))        or match("%CRYPTO-" value("MSG"))
or match("%DUAL-" value("MSGHDR"))          or match("%DUAL-" value("MSG"))
or match("%SYS-" value("MSGHDR"))           or match("%SYS-" value("MSG"))
or match("%LINEPROTO" value("MSGHDR"))      or match("%LINEPROTO" value("MSG"))
or match("connection id=" value("MSGHDR"))  or match("connection id=" value("MSG"))
or match("%VPN_HW" value("MSGHDR"))         or match("%VPN_HW" value("MSG"))
or match("%HSRP_ENGINE" value("MSGHDR"))    or match("%HSRP_ENGINE" value("MSG"))
or match("%BGP-" value("MSGHDR"))           or match("%BGP-" value("MSG"))
or match("%WCCP-" value("MSGHDR"))          or match("%WCCP-" value("MSG"))
or match("%CONTROLLER-" value("MSGHDR"))    or match("%CONTROLLER-" value("MSG"))
or match("ISAKMP:" value("MSGHDR"))         or match("ISAKMP:" value("MSG"))
```

MKKoppula commented 1 year ago

```
# Header-only variant of the same filter expression (MSGHDR only)
or match("%CDP-" value("MSGHDR"))
or match("%LINK-" value("MSGHDR"))
or match("%C4KEBM-" value("MSGHDR"))
or match("%SFF" value("MSGHDR"))
or match("%IP-" value("MSGHDR"))
or match("%SEC-" value("MSGHDR"))
or match("%C3800" value("MSGHDR"))
or match("%SEC" value("MSGHDR"))
or match("%ATM" value("MSGHDR"))
or match("%MV64340" value("MSGHDR"))
or match("%EARL" value("MSGHDR"))
or match("%ILPOWER-" value("MSGHDR"))
or match("%PM-" value("MSGHDR"))
or match("%DIALER-" value("MSGHDR"))
or match("%SSH-" value("MSGHDR"))
or match("%FW-" value("MSGHDR"))
or match("%RCMD-" value("MSGHDR"))
or match("%IP_" value("MSGHDR"))
```

MKKoppula commented 1 year ago

```
@version: 3.28
@include "scl.conf"

# Listen for syslog on UDP and TCP port 514 on all interfaces
source s_network {
    udp();
    tcp(ip(0.0.0.0) port(514));
};

destination d_filtered {
    file("/var/log/filtered_logs.log");
};

# [.] is a literal dot; an unescaped . would match any character
filter f_exclude_dest_ip {
    not match("dest_ip=10[.]0[.]0[.][0-9]{1,3}");
};

filter f_include_src_ip {
    match("src_ip=10[.]0[.]0[.][0-9]{1,3}");
};

# Two match() terms must be joined with "or"; separating them with ";" is a syntax error.
# type("string") compares the whole field unless flags("substring") is given.
filter f_include_patterns {
    match("%FTD-1-430003" type("string") flags("substring"))
    or match("%FTD-1-430002" type("string") flags("substring"));
};

# Every filter() in a log path must pass, so the three filters are ANDed
log {
    source(s_network);
    filter(f_exclude_dest_ip);
    filter(f_include_src_ip);
    filter(f_include_patterns);
    destination(d_filtered);
};
```

MKKoppula commented 1 year ago

Estimating the additional vCPU and storage needed when adding 50 apps' worth of data to Splunk depends on several factors, including the volume of data these apps generate and the complexity of their searches. Here's a general approach to estimate the requirements:

  1. Data Volume Estimation:

    • Determine the data volume generated by the 50 apps. You mentioned currently ingesting 5.5TB of data. Calculate the additional data volume these apps will produce daily, weekly, or monthly.
  2. vCPU Estimation:

    • Splunk's vCPU usage is influenced by factors like search complexity, concurrent searches, and data ingestion rate.
    • Adding more data generally increases the search and indexing load, potentially requiring additional vCPUs.
    • Estimate the impact on search and indexing load based on the new data volume and the complexity of searches performed on this data.
    • Consult Splunk's documentation or use their sizing tools to estimate the required vCPUs based on the expected load.
  3. Storage Estimation:

    • Calculate the additional storage needed for the data generated by the 50 apps. This depends on the data retention period and the average daily data ingestion.
    • You can use Splunk's Data Volume Estimation tools or perform a simple calculation based on data volume, retention, and compression ratios.
  4. Consult Splunk Support:

    • For a precise estimation, consider reaching out to Splunk support. They can provide guidance specific to your environment and help with vCPU and storage requirements.
  5. Monitoring and Adjustment:

    • Once the data is ingested and searches are running, monitor your Splunk environment closely to ensure it performs as expected. Adjust vCPU and storage resources as necessary to maintain optimal performance.

Remember that estimating resource requirements can be complex, and real-world usage can vary. It's always a good practice to start conservatively and scale up as needed based on actual performance and resource utilization. Splunk's documentation, support, and tools are valuable resources for accurate sizing and capacity planning.