From 2c8af81586db3d715853d7894625683c0ae8153d Mon Sep 17 00:00:00 2001
From: mjfernez <mjf@mjfer.net>
Date: Mon, 22 Jul 2024 23:46:12 -0400
Subject: Make pandoc use main.css

---
 .../i-found-out-splunk-macros-are-awesome.html     | 170 +++------------------
 1 file changed, 20 insertions(+), 150 deletions(-)

(limited to 'tutorials/splunk/i-found-out-splunk-macros-are-awesome.html')

diff --git a/tutorials/splunk/i-found-out-splunk-macros-are-awesome.html b/tutorials/splunk/i-found-out-splunk-macros-are-awesome.html
index 10e8567..d1ea507 100644
--- a/tutorials/splunk/i-found-out-splunk-macros-are-awesome.html
+++ b/tutorials/splunk/i-found-out-splunk-macros-are-awesome.html
@@ -6,154 +6,23 @@
 <meta content="width=device-width, initial-scale=1.0, user-scalable=yes" name="viewport"/>
 <title>i-found-out-splunk-macros-are-awesome</title>
 <style>
-    html {
-      line-height: 1.5;
-      font-family: Georgia, serif;
-      font-size: 20px;
-      color: #1a1a1a;
-      background-color: #fdfdfd;
-    }
-    body {
-      margin: 0 auto;
-      max-width: 36em;
-      padding-left: 50px;
-      padding-right: 50px;
-      padding-top: 50px;
-      padding-bottom: 50px;
-      hyphens: auto;
-      overflow-wrap: break-word;
-      text-rendering: optimizeLegibility;
-      font-kerning: normal;
-    }
-    @media (max-width: 600px) {
-      body {
-        font-size: 0.9em;
-        padding: 1em;
-      }
-      h1 {
-        font-size: 1.8em;
-      }
-    }
-    @media print {
-      body {
-        background-color: transparent;
-        color: black;
-        font-size: 12pt;
-      }
-      p, h2, h3 {
-        orphans: 3;
-        widows: 3;
-      }
-      h2, h3, h4 {
-        page-break-after: avoid;
-      }
-    }
-    p {
-      margin: 1em 0;
-    }
-    a {
-      color: #1a1a1a;
-    }
-    a:visited {
-      color: #1a1a1a;
-    }
-    img {
-      max-width: 100%;
-    }
-    h1, h2, h3, h4, h5, h6 {
-      margin-top: 1.4em;
-    }
-    h5, h6 {
-      font-size: 1em;
-      font-style: italic;
-    }
-    h6 {
-      font-weight: normal;
-    }
-    ol, ul {
-      padding-left: 1.7em;
-      margin-top: 1em;
-    }
-    li > ol, li > ul {
-      margin-top: 0;
-    }
-    blockquote {
-      margin: 1em 0 1em 1.7em;
-      padding-left: 1em;
-      border-left: 2px solid #e6e6e6;
-      color: #606060;
-    }
-    code {
-      font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
-      font-size: 85%;
-      margin: 0;
-    }
-    pre {
-      margin: 1em 0;
-      overflow: auto;
-    }
-    pre code {
-      padding: 0;
-      overflow: visible;
-      overflow-wrap: normal;
-    }
-    .sourceCode {
-     background-color: transparent;
-     overflow: visible;
-    }
-    hr {
-      background-color: #1a1a1a;
-      border: none;
-      height: 1px;
-      margin: 1em 0;
-    }
-    table {
-      margin: 1em 0;
-      border-collapse: collapse;
-      width: 100%;
-      overflow-x: auto;
-      display: block;
-      font-variant-numeric: lining-nums tabular-nums;
-    }
-    table caption {
-      margin-bottom: 0.75em;
-    }
-    tbody {
-      margin-top: 0.5em;
-      border-top: 1px solid #1a1a1a;
-      border-bottom: 1px solid #1a1a1a;
-    }
-    th {
-      border-top: 1px solid #1a1a1a;
-      padding: 0.25em 0.5em 0.25em 0.5em;
-    }
-    td {
-      padding: 0.125em 0.5em 0.25em 0.5em;
-    }
-    header {
-      margin-bottom: 4em;
-      text-align: center;
-    }
-    #TOC li {
-      list-style: none;
-    }
-    #TOC ul {
-      padding-left: 1.3em;
-    }
-    #TOC > ul {
-      padding-left: 0;
-    }
-    #TOC a:not(:hover) {
-      text-decoration: none;
-    }
     code{white-space: pre-wrap;}
     span.smallcaps{font-variant: small-caps;}
-    span.underline{text-decoration: underline;}
-    div.column{display: inline-block; vertical-align: top; width: 50%;}
+    div.columns{display: flex; gap: min(4vw, 1.5em);}
+    div.column{flex: auto; overflow-x: auto;}
     div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
-    ul.task-list{list-style: none;}
+    /* The extra [class] is a hack that increases specificity enough to
+       override a similar rule in reveal.js */
+    ul.task-list[class]{list-style: none;}
+    ul.task-list li input[type="checkbox"] {
+      font-size: inherit;
+      width: 0.8em;
+      margin: 0 0.8em 0.2em -1.6em;
+      vertical-align: middle;
+    }
     .display.math{display: block; text-align: center; margin: 0.5rem auto;}
   </style>
+<link href="../../static/main.css" rel="stylesheet"/>
 </head>
 <body>
 <p>Macros are for more than just canned searches.</p>
@@ -173,13 +42,14 @@ time. That report might look something like this:</p>
 <p>I can easily review that lookup like so:</p>
 <p><code>| inputlookup vpn_users.csv</code></p>
 <p>My boss might be happy that I'm keeping an eye on things, but what's
-the historical picture? How do I know what's a red flag and what isn't?
-What I might do is combine all of the days reports into one each day,
-and then compare each today. But in the original report logic, this gets
-overwritten every 12 hours. You could just append forever, but then
-you're not looking at just twelve hours, unless you add a time
-constraint to your search. How do I get to a daily report without
-interrupting the reports already running?</p>
+the historical picture? How do I know what's a red flag and what
+isn't?</p>
+<p>What I might do is combine all of the days' reports into one each
+day, and then compare each one to today's. But in the original report
+logic, this gets overwritten every 12 hours. You could just append
+forever, but then you're not looking at just twelve hours, unless you
+add a time constraint to your search. How do I get to a daily report
+without interrupting the reports already running?</p>
 <p>One way to do it is to create a second combined report unique to that
 day, for example 'vpn_users-2022_11_17.csv'. The way you insert that
 text is with a macro, defined for the current date. For this particular
-- 
cgit v1.2.3