minor lab corrections

Automation/automation.tex

@@ -780,7 +780,7 @@ \subsubsection{Transmitting alerts or search results}
 \tightlist
 \item
   \code{email(from, to, subject, message) error} - sends an email via SMTP.
-  The from field is simply a string, while to should be a slice of
+  The from field is simply a string, while the to field should be a slice of
   strings containing email addresses. The subject and message fields are
   also strings which should contain the subject line and body of the
   email.
@@ -1039,6 +1039,8 @@ \subsection{Hands-on Lab: Scripting}
 
 \begin{Verbatim}[breaklines=true]
 $ gravwell -insecure-no-https script
+Username:  admin
+Password:  changeme
 script file path>  /tmp/email-netflow.ank
 \end{Verbatim}
 

CLI/cli.tex

@@ -111,7 +111,7 @@ \section{Hands-on Lab: Basic CLI exploration}
 \begin{Verbatim}[breaklines=true]
 $ docker exec -it gravwell /bin/sh
 / # gravwell -insecure-no-https -b search
-query>  tag=default grep David
+query>  tag=json grep David
 time range> -6h
 Background search with ID 569547375 launched
 \end{Verbatim}

Indexers/Lab-Acceleration/config/gravwell.conf

@@ -21,20 +21,12 @@ Pipe-Ingest-Path=/opt/gravwell/comms/pipe
 	Delete-Cold-Data=true
 
 [Storage-Well "json"]
-	Tags=json
-	Location=/opt/gravwell/storage/json/
-	Accelerator-Name="json"
-	Accelerator-Args="class account.user account.email account.phone account.state account.country group ip"
+
 
 [Storage-Well "json2"]
-	Tags=json2
-	Location=/opt/gravwell/storage/json2/
-	Accelerator-Name="json"
-	Accelerator-Args="class account.user account.email account.phone account.state account.country group ip"
-	Accelerator-Engine-Override="index"
+
 
 [Storage-Well "json3"]
-	Tags=json3
-	Location=/opt/gravwell/storage/json3/
+
 
 

Indexers/Lab-Replication/config/gravwell.conf

@@ -16,11 +16,7 @@ Pipe-Ingest-Path=/opt/gravwell/comms/pipe
 
 ### Replication Configuration
 [Replication]
-	Peer=offlineserver
-	Storage-Location=/opt/gravwell/replication_storage
-	Disable-TLS=true
-	Connect-Wait-Timeout=60
-	Disable-Server=true
+
 
 ### Wells
 [Default-Well]

Indexers/indexers.tex

@@ -1008,7 +1008,7 @@ \subsection{Hands-on Lab: Acceleration}
 \begin{enumerate}
 	\item Storage location of \code{/opt/gravwell/storage/json}
 	\item Tag \code{json} assigned
-	\item \code{Accelerator-Name=json}
+	\item \code{Accelerator-Name="json"}
 	\item Extract the following fields:
 	\begin{enumerate}
 		\item \code{class account.user account.email account.phone account.state account.country group ip}
@@ -1076,9 +1076,9 @@ \subsubsection{\texorpdfstring{{}}{}}\label{h.cpnsaxr7kale}}
 	\begin{enumerate}
 		\item Storage location \code{/opt/gravwell/storage/json2}
 		\item Tag \code{json2} assigned
-		\item \code{Accelerator-Name=json}
+		\item \code{Accelerator-Name="json"}
 		\item Extract the following fields: \code{class account.user account.email account.phone account.state account.country group ip}
-		\item Set engine via \code{Accelerator-Engine-Override=index} parameter
+		\item Set engine via \code{Accelerator-Engine-Override="index"} parameter
 	\end{enumerate}
 	\item Name: \code{json3}
 	\begin{enumerate}

Ingesters/ingesters.tex

@@ -465,7 +465,7 @@ \subsubsection{Lab Questions}
 
 To clean up after the experiment, simply run:
 
-\code{docker kill \$(docker ps -a -q)}
+\code{docker rm \$(docker ps -a -q)}
 
 \clearpage
 \section{File Follower Ingester}
@@ -788,7 +788,7 @@ \subsection{Hands-On Lab: File Follower}
 when we created the container; this enables verbose mode, which allows us to see every entry
 the ingester reads \emph{and} the timestamp it derived from the log entry.
 Most ingesters support the -v flag. You can view the log output by running
-the command \code{docker log ingesters}; the following is a sample:
+the command \code{docker logs ingesters}; the following is a sample:
 
 \code{GOT 2019-03-09T13:12:59-07:00 Mar ~9 13:12:59 bombadil kernel:
 {[}7955880.007543{]} hub 2-1:1.0: 3 ports detected}
@@ -1007,7 +1007,7 @@ \subsection{Hands-on Lab: Windows logs}
 cd ~/gravwell_training/Ingesters/Lab-Winevent
 docker run -v $PWD/data:/tmp/data --rm -i --net gravnet \
 gravwell:ingesters /opt/gravwell/bin/reimport -rebase-timestamp \
--clear-conns test:4023 -i /tmp/data/winlog.json -import-format json
+-clear-conns test:4023 -i /tmp/data/winlog.json.gz -import-format json
 \end{Verbatim}
 
 Log into the web GUI (\href{http://localhost:8080}{http://localhost:8080}) and perform the following queries:

dockerfiles/go.mod

@@ -9,5 +9,5 @@ require (
 	github.com/gravwell/manager/v3 v3.3.12 // indirect
 	github.com/nerdalert/nflow-generator v0.0.0-20220501044009-5cc1c43806c2 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
-	golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
+	golang.org/x/sys v0.0.0-20220804182731-e052cef7d300 // indirect
 )

dockerfiles/go.sum

@@ -296,6 +296,10 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdp
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 h1:Y7NOhdqIOU8kYI7BxsgL38d0ot0raxvcW+EMQU2QrT4=
+golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220804182731-e052cef7d300 h1:ymzm2lKPkdNE1FM0FAss9EdyGB+YzDN2P3jMJODYr2M=
+golang.org/x/sys v0.0.0-20220804182731-e052cef7d300/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=