Unable to Run Search While Using map Command in Splunk

Sometimes errors are just a little too confusing for me on a Monday. I was trying to run the following search: | makeresults 1 | eval cheese_id="12345", index="cheese" | map search="index=$index$ cheese_id=$cheese_id$ sourcetype=cheese_info" | table cheese_id, name, description And couldn’t work out why it was throwing the following error: warn : Unable to run query index=cheese cheese_id=12345 sourcetype=cheese_info | table cheese_id, name, description. Turns out that if I’d squinted a little harder at the example in the documentation, I’d have realised that I need to prepend searches with search. [Read More]

Writing Rust-style Python

This post by @kobzol highlights some good methodologies for writing Python in a more defensive manner. I learned that typing.assert_never allows one to inform their IDE/type checker about code which should be unreachable. Similarly, simpler Union typing and the existence of the pyserde package make for more powerful access to data - but I’ll have to test serde against the venerable pydantic which has been my go-to for the longest time. [Read More]

Structures Are Not Supported for XSD `simpleType`s

I was trying to parse some XML (well, Atom, but you get it)… and started getting this while using the rust quick-xml crate.

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Unsupported("structures are not supported for XSD `simpleType`s")', examples/test_quickxml2.rs:79:42
[Read More]

Convincing Kubernetes to Trust a Backend

I run Kubernetes at home. Yeah, I’ve said it. It’s out there now.

Now we’re past that, here’s how to convince traefik to talk nicely to a HTTPS backend server, in this case a test instance of GoatNS. I use Terraform for my configuration management, k3s to build/control the platform, with its built-in traefik for routing traffic.

[Read More]