An Emacs mode for Splunk.
Paimon or Paymon is one of the Kings of Hell, more obedient to Lucifer than other kings are, and has two hundred legions of demons under his rule
Install the package from MELPA and run M-x paimon to search in your Splunk enterprise. If you haven’t configured a paimon.el profile yet, you will be guided through the setup process.
You can try out paimon.el by searching the Splunk server that comes with the Docker Compose file in this repository.
Let’s start the Splunk server with the following command:
docker-compose up
Next, run M-x paimon and follow the instructions to set up a paimon.el profile for the local Splunk server. You will be asked to enter the following information and whether the password should be saved or not:
- Authentication type: basic
- HTTP Protocol: https
- Hostname: localhost
- Port: 8089
- Identity: admin
- Password: 12345678
After entering this information you will end up in the *paimon-search-jobs* buffer.
Let’s search the _internal index of the local Splunk server by pressing c. You will be asked to enter a search command. Enter * to search for everything.
Next, you will see a transient-based menu where you can select search options such as the indexes and the earliest and latest time of the search.
Press -i, enter _internal as the index and press c again to create a Splunk search job.
You will see that a search job got created in the *paimon-search-jobs* buffer, and another buffer will pop up that shows the search results once preview results are available or the search has been completed.
The search results buffer will show the first 250 results. To show the next page of results press N, to go back to the previous page press P.
That’s it. For more help on the keybindings press C-h m.
Profiles are used by paimon.el to decide which Splunk server is used. A profile contains the HTTP protocol, the host and the port of the Splunk server, as well as the authentication type and the identity which is used to obtain the credential. You can list the available profiles with M-x paimon-list-profiles.
In the *paimon-profiles* buffer you can create (c), delete (D), set the default (d), or select (RET) a profile.
This package uses Emacs’s auth-source library to obtain the credential used to authenticate with a Splunk server. It supports HTTP Basic or HTTP Bearer authentication. When setting up a profile you will be asked for a credential and whether it should be saved for future sessions or not.
If you choose to save the credential, it will be saved in one of the files listed in auth-sources. The saved credential for the Splunk server that comes with the Docker Compose file in this repository looks like this:
machine localhost login admin port 8089 password 12345678
Credentials are cached by Emacs’s auth-source library for the current Emacs session. If you entered something wrong, run M-x auth-source-forget-all-cached and try again.
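The credential handling described above can be checked from Emacs Lisp. The following is an added example, not code from paimon.el: it reports which file entries in auth-sources would hold a saved password unencrypted, and confirms that a profile's credential resolves without displaying it. The my/ function names are hypothetical; the host, port and login are the Docker Compose values from this page.

```elisp
;;; Added example, not part of paimon.el.  All `my/' names are hypothetical.
(require 'auth-source)
(require 'seq)

(defun my/auth-source-plaintext-files ()
  "Return existing file entries of `auth-sources' that are not .gpg files.
Non-file backends (symbols such as `default') are skipped."
  (seq-filter
   (lambda (file)
     (and (stringp file)
          (file-exists-p (expand-file-name file))
          (not (string-suffix-p ".gpg" file))))
   (mapcar (lambda (entry)
             (cond ((stringp entry) entry)
                   ;; Plist form: (:source "~/.authinfo" ...)
                   ((and (listp entry)
                         (stringp (plist-get entry :source)))
                    (plist-get entry :source))))
           auth-sources)))

(defun my/splunk-credential-found-p (host port user)
  "Return non-nil if auth-source has a secret for USER at HOST and PORT."
  (let* ((entry (car (auth-source-search :host host :port port :user user
                                         :require '(:secret) :max 1)))
         (secret (plist-get entry :secret)))
    ;; auth-source may return the secret wrapped in a function.  Call it
    ;; only to test for presence; the value is never printed.
    (and entry
         (stringp (if (functionp secret) (funcall secret) secret)))))

(defun my/check-splunk-profile ()
  "Report on the credential for the local Docker Compose Splunk server."
  (interactive)
  ;; Drop cached lookups so the check reflects what is on disk now.
  (auth-source-forget-all-cached)
  (message "credential found: %s; plaintext auth-sources files: %s"
           (if (my/splunk-credential-found-p "localhost" "8089" "admin")
               "yes" "no")
           (or (my/auth-source-plaintext-files) "none")))

;; To have saved credentials written to a GnuPG-encrypted file, list only
;; (or first) the .gpg file before setting up a profile:
;; (setq auth-sources '("~/.authinfo.gpg"))
```

Run M-x my/check-splunk-profile after saving a profile; any file it lists contains the password line shown above in clear text.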
Some code was taken and adapted from elfeed and forge, some inspiration from pepita. Thanks to skeeto, tarius and sebasmonia for their excellent packages and inspiration.
Copyright © 2022 r0man
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version.