shaggy

This is an xml manifest file that can be imported into Solaris 10s SMF framework and used to control (start|stop|restart) the Splunk server processes.

Splunk Parse (splunk_parse.py) is a python script you can set as your alert action on a saved search. It reads in the fields a saved search passing along and parses the corresponding saved search log file which is in CSV format. The parsing spits out the originating host and the full original problem. In this version it's feed to my ticketing system, but the output action can be easily changed.