|
it’s security-related software so almost certainly everything
|
# ? May 31, 2019 18:49 |
|
wow rude
|
# ? May 31, 2019 18:51 |
|
power botton posted:
what's so lovely about splunk in production

it costs One Billion Dollars
|
# ? May 31, 2019 19:04 |
|
my anecdote is that splunk costs way too loving much for the amount of work you have to do on it and the biggest blocker to success is the infrastructure it runs on basically the usability is demonstrably not worth the huge cost increase. it was sick about 7 years ago before there was any competitor in the space
|
# ? May 31, 2019 19:07 |
|
Yeah splunk is good but it is stupidly expensive
|
# ? May 31, 2019 20:05 |
|
BangersInMyKnickers posted:
humio. works pretty well except joins are a "coming soon" feature

Wow that's aggressive Splunk like pricing. Which tier are you on? How is this not a billion dollars?
|
# ? May 31, 2019 20:28 |
|
power botton posted:
what's so lovely about splunk in production

Soricidus posted:
it’s security-related software so almost certainly everything
|
# ? May 31, 2019 20:54 |
|
the splunk servers to index and store the logs are also more numerous than the app servers
|
# ? May 31, 2019 20:57 |
|
i have strong opinions about splunk despite being someone who maintains a splunk environment. it's not recommended

also https://twitter.com/notdan/status/1134559331989434368

also lol https://twitter.com/nginxorg/status/1134524968052690944
|
# ? May 31, 2019 22:18 |
|
Mustache Ride posted:
Wow that's aggressive Splunk like pricing.

I'm dealing with the hardware and not so much the purchasing end of this, we wanted a 2-3TB/day license for splunk who demanded something in the 7 figgie range and humio is something like an order of magnitude (maybe two) cheaper for unlimited. Devs and support have been extremely good to work with, they're a bit green for the enterprise space though so there are growing pains but it's getting better fast. It runs on sequential large-block IO with no indexing so specing the hardware is a completely different beast from Splunk. Read all the data in the time range off disk as fast as possible, regex it and discard what you don't want
|
# ? May 31, 2019 22:31 |
|
it's very likely that when i return to work late in the summer that i'll be migrating off of splunk to something else. elastic is a consideration but i am all ears on what everyone else is doing. humio does interest me but i am also nervous about a company green in the enterprise state

right now we're looking to do 600 GB/day by the end of the year and i can tell that the splunk sales rep we have is dying for us to ask for a quote.

he also knows that i am extremely unhappy with him as well as my boss so this ought to be entertaining
|
# ? May 31, 2019 22:34 |
|
Lain Iwakura posted:
it's very likely that when i return to work late in the summer that i'll be migrating off of splunk to something else. elastic is a consideration but i am all ears on what everyone else is doing. humio does interest me but i am also nervous about a company green in the enterprise state

we were in a similar position, looking to double our ingest license with even more on the horizon and the negotiations went back and forth over a year with their people and our execs and every single time they refused to budge a single cent and pissed our people off so bad that we burned the bridge down. they won't play ball, I wouldn't even bother after they give you the first quote.
|
# ? May 31, 2019 22:44 |
|
Lain Iwakura posted:
it's very likely that when i return to work late in the summer that i'll be migrating off of splunk to something else. elastic is a consideration but i am all ears on what everyone else is doing. humio does interest me but i am also nervous about a company green in the enterprise state

Managed elastic, or run your own elastic? The recent fall out between elastic and amazon has been very funny and they have had to open source most of the useful enterprise features like authentication

BangersInMyKnickers posted:
I'm dealing with the hardware and not so much the purchasing end of this, we wanted a 2-3TB/day license for splunk who demanded something in the 7 figgie range and humio is something like an order of magnitude (maybe two) cheaper for unlimited. Devs and support have been extremely good to work with, they're a bit green for the enterprise space though so there are growing pains but it's getting better fast. It runs on sequential large-block IO with no indexing so specing the hardware is a completely different beast from Splunk. Read all the data in the time range off disk as fast as possible, regex it and discard what you don't want

I'd be interested in hearing how hum.io works out, we'd briefly looked at them for a 50TB / day workload but had concerns about how new it was.

jre fucked around with this message at 22:54 on May 31, 2019
|
# ? May 31, 2019 22:52 |
|
Lain Iwakura posted:
he also knows that i am extremely unhappy with him as well as my boss so this ought to be entertaining

BangersInMyKnickers posted:
back and forth over a year with their people and our execs and every single time they refused to budge a single cent and pissed our people off so bad

Those peeps are literally throwing money out the window, it's amazing. Especially B2B discounting increased licensing is such a cheap way to keep people happy.
|
# ? May 31, 2019 22:56 |
|
BangersInMyKnickers posted:
I'm dealing with the hardware and not so much the purchasing end of this, we wanted a 2-3TB/day license for splunk who demanded something in the 7 figgie range and humio is something like an order of magnitude (maybe two) cheaper for unlimited. Devs and support have been extremely good to work with, they're a bit green for the enterprise space though so there are growing pains but it's getting better fast. It runs on sequential large-block IO with no indexing so specing the hardware is a completely different beast from Splunk. Read all the data in the time range off disk as fast as possible, regex it and discard what you don't want

uhh that sounds really bad, surely it must be indexed by something (timestamp?)
|
# ? May 31, 2019 23:30 |
|
keyboard splunk
|
# ? Jun 1, 2019 00:07 |
|
abigserve posted:
uhh that sounds really bad, surely it must be indexed by something (timestamp?)

probably just partitioned by hour or something
|
# ? Jun 1, 2019 00:15 |
|
As someone who's owned a multi-10's-of-tb/day splunk deployment and now managing a piddly single gig one, they can mostly gently caress right off, they know they're best in class all around in ~enterprise~ land. That said, Humio are good people and I have enjoyed my interactions with them in sales and non-sales related encounters. I look forward to throwing them some dollars to grow what I believe will be a new first in class application.
|
# ? Jun 1, 2019 04:29 |
|
why would they give a company that close of a name to spunk
|
# ? Jun 1, 2019 05:52 |
|
Elysiume posted:
why would they give a company that close of a name to spunk

I assume it's a play on spelunk
|
# ? Jun 1, 2019 06:30 |
|
Captain Foo posted:
I assume it's a play on spelunk

Why would they make the word for "exploring caves" so close to sp— oh
|
# ? Jun 1, 2019 06:42 |
|
Elysiume posted:
why would they give a company that close of a name to spunk

i'm not entirely convinced it isn't people in this thread trying to force a new meme like chome
|
# ? Jun 1, 2019 07:14 |
|
Stymie posted:
i'm not entirely convinced it isn't people in this thread trying to force a new meme like chome

(USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? Jun 1, 2019 08:44 |
please go into more mundane detail about corporate software pre sales and everyone's relationship to all the salespeople and what you talked about over lunch or you could start fighting the good fight https://www.change.org/p/slim-jim-i-want-there-to-be-an-official-slim-jim-emoji-328176e6-ced8-43e4-84bd-175c983da603/
|
|
# ? Jun 1, 2019 10:18 |
Blow nginx out its aes with this latest RCE PoC.
|
|
# ? Jun 1, 2019 11:39 |
|
lain you've got to stop repeating yourself
|
# ? Jun 1, 2019 11:50 |
|
|
# ? Jun 1, 2019 11:59 |
|
Soricidus posted:
it’s security-related software so almost certainly everything

Not gonna lie. I feel this in my bones
|
# ? Jun 1, 2019 14:45 |
|
Wiggly Wayne DDS posted:
lain you've got to stop repeating yourself

https://twitter.com/notdan/status/1134820610570313728?s=21
|
# ? Jun 1, 2019 15:01 |
|
abigserve posted:
uhh that sounds really bad, surely it must be indexed by something (timestamp?)

It does file segmentation based on some metadata tagging and time stamp so it knows what files contain the data you want, but there’s no indexing. Basically you give it sequential IO optimized storage (typically 64gbps is your limit for an 8x pcie storage controller) the compressed files are pulled off disk and your search filter is applied in real-time. In practice, that 64gbps results in about 64GB/s of logs search after deflation (matches really well against the 32c Epyc sockets) per controller and it scales wide really well. They also added in bloom filters for certain fields so it knows what file segments it can skip because there’s no data there and that can see upwards of a 5x performance increase in search speed from it. It’s weird but it works, you’ll need local storage because there’s no way to get enough storage bandwidth on ethernet to feed the thing.

jre posted:

Be aware that they will advertise absurd ingest numbers and can absolutely hit them, but that’s because they’re taking the logs from the wire, running the real-time dashes against them before archiving the logs to disk. If you plan on searching through a deep retention of logs on a regular basis, you’re going to need a lot more CPU and disk to handle that use case. For reference, I’m building a platform that can search ~1.5TB/s of logs on about 350k of hw.
|
# ? Jun 1, 2019 16:04 |
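The index-free search described in the post above, as an added sketch that is not Humio's code and not from any poster: events go into time-bucketed segments, each with a small Bloom filter over one field, and a query reads only segments that overlap the time range and might hold the value, then regex-filters the raw lines. The segment width, filter size, `user` field and log lines are all assumptions made for the example.

```python
import hashlib
import re

BITS = 1024  # assumed Bloom filter size per segment

def positions(value, k=3):
    """k bit positions for a field value, derived from one SHA-256 digest."""
    h = hashlib.sha256(value.encode()).digest()
    return [int.from_bytes(h[4 * i:4 * i + 4], "big") % BITS for i in range(k)]

class Segment:
    def __init__(self, start, end):
        self.start, self.end, self.lines, self.bloom = start, end, [], 0

    def add(self, ts, line, field_value):
        self.lines.append((ts, line))
        for p in positions(field_value):
            self.bloom |= 1 << p

    def may_contain(self, value):
        # False means definitely absent; True means present or a false positive
        return all((self.bloom >> p) & 1 for p in positions(value))

def build(events, width=3600):
    """Group (ts, user, line) events into fixed-width time segments."""
    segs = {}
    for ts, user, line in events:
        start = ts - ts % width
        segs.setdefault(start, Segment(start, start + width)).add(ts, line, user)
    return [segs[k] for k in sorted(segs)]

def search(segments, t0, t1, user, pattern):
    """Return (matching lines, number of segments actually scanned)."""
    rx, hits, scanned = re.compile(pattern), [], 0
    for s in segments:
        if s.end <= t0 or s.start >= t1:
            continue  # outside the time range: never read
        if not s.may_contain(user):
            continue  # filter says the value is absent: skip the segment
        scanned += 1
        hits += [l for ts, l in s.lines if t0 <= ts < t1 and rx.search(l)]
    return hits, scanned

# Constructed sample events: (epoch seconds, user, raw line)
EVENTS = [(0, "alice", "user=alice login failed"), (100, "bob", "user=bob login ok"),
          (3700, "bob", "user=bob login failed"), (7300, "alice", "user=alice login failed"),
          (7400, "carol", "user=carol login ok"), (10900, "carol", "user=carol login ok")]
```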
It was loving great is what it was.
|
|
# ? Jun 1, 2019 17:40 |
|
the sec gently caress here imo is that curl will decode any old thing
|
# ? Jun 1, 2019 17:52 |
|
nah, i'm pretty confident the secfuck is the dumb timeline we live in where it has somehow become normal and expected for people to paste commands into terminals that pipe curl output into a shell and where people will actually do that, for a command that they have explicitly been told is a loving code execution exploit. because if you can't trust exploit writers to not serve you an exploit, who can you trust?!!!
|
# ? Jun 1, 2019 18:04 |
|
Blinkz0rz posted:
the sec gently caress here imo is that curl will decode any old thing

curl's job is to just dump whatever the server responds with, usually to stdout; that is its whole purpose. Piping it blindly to sh on the other hand...
|
# ? Jun 1, 2019 18:06 |
|
On a very related note https://twitter.com/GossiTheDog/status/1131550912256839680
|
# ? Jun 1, 2019 18:07 |
|
ewiley posted:
curl's job is to just dump whatever the server responds with, usually to stdout; that is its whole purpose. Piping it blindly to sh on the other hand...

i was referring to it decoding the hex and connecting

dummies piping output to sh is a whole different gently caress up
|
# ? Jun 1, 2019 18:11 |
|
Blinkz0rz posted:
i was referring to it decoding the hex and connecting

that's not a curl thing. try it with wget: same thing. try it in your web browser address bar: yup, that probably accepts hex too, at least firefox and safari both do.

sorry you don't like the standard behavior of the internet
|
# ? Jun 1, 2019 18:19 |
|
ewiley posted:
On a very related note

lol 99% code in production is unknown these days

"npm install"
*10 billion lines of dependencies scroll by*
"yep looks good to me, ship it!"
|
# ? Jun 1, 2019 18:21 |
|
Soricidus posted:
that's not a curl thing. try it with wget: same thing. try it in your web browser address bar: yup, that probably accepts hex too, at least firefox and safari both do.

that’s all bullshit left over from people getting cute with address parsing in the BSD inet4 utilities. it’s not in a standard (afaik) and nothing should support it. no legitimate use case needs to express a v4 address as undifferentiated 32-bit integer syntax; it's only useful for phishing and such. I tried to kill it from Firefox like 15 years ago because people also wanted to support the IE nonsense of http://531.202.330.721/, but nooooo. 0x0238f06a should be interpreted as a hostname!
|
# ? Jun 1, 2019 18:37 |
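The legacy address forms argued about in the posts above, as an added example that is not from any poster: a Python check that decodes a URL host the way BSD `inet_aton`-style parsers do (hex, octal, bare 32-bit integer, short dotted forms) and flags anything that is not canonical dotted-decimal, so such links stand out in proxy or mail logs. The function names are hypothetical and the sample URLs are constructed, apart from the two host strings quoted in the post.

```python
import ipaddress
from urllib.parse import urlsplit

def _part(tok):
    """One inet_aton-style component: 0x.. is hex, a leading 0 is octal, else decimal."""
    t = tok.lower()
    if t.startswith("0x"):
        digits, base, valid = t[2:], 16, "0123456789abcdef"
    elif len(t) > 1 and t.startswith("0"):
        digits, base, valid = t[1:], 8, "01234567"
    else:
        digits, base, valid = t, 10, "0123456789"
    if not digits or any(c not in valid for c in digits):
        return None
    return int(digits, base)

def legacy_ipv4(host):
    """Dotted quad a BSD-style parser would connect to, or None if host is a real name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_part(p) for p in parts]
    if None in nums:
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def classify(url):
    """Return (kind, value) where kind is hostname, canonical-ip or obfuscated-ip."""
    host = urlsplit(url).hostname or ""
    addr = legacy_ipv4(host)
    if addr is None:
        return ("hostname", host)
    return ("canonical-ip", addr) if host == addr else ("obfuscated-ip", addr)

# Constructed sample URLs; 192.0.2.1 is a documentation address.
SAMPLES = ["http://0x0238f06a/", "http://37285994/", "http://0300.0.02.01/",
           "http://192.0.513/x", "http://192.0.2.1/", "http://531.202.330.721/"]
REPORT = [(u, *classify(u)) for u in SAMPLES]
```

Anything reported as `obfuscated-ip` resolves to a plain address without a DNS lookup, which is the property that makes these forms worth alerting on.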
|
Blinkz0rz posted:
the sec gently caress here imo is that curl will decode any old thing

why does executing arbitrary code run the arbitrary code? good question.
|
# ? Jun 1, 2019 20:15 |