add

deployment-apps/Splunk_TA_vcenter_Other/README

@@ -0,0 +1,5 @@
+Splunk_TA_vcenter version = 4.2.1
+
+For documentation, see: https://docs.splunk.com/Documentation/AddOns/released/VMWvcenterlogs/About
+    
+Copyright (C) 2005-2021 Splunk Inc. All Rights Reserved.

deployment-apps/Splunk_TA_vcenter_Other/app.manifest

@@ -0,0 +1,52 @@
+{
+  "schemaVersion": "2.0.0", 
+  "info": {
+    "title": "Add-on for vCenter logs", 
+    "id": {
+      "group": null, 
+      "name": "Splunk_TA_vcenter", 
+      "version": "4.2.1"
+    }, 
+    "author": [
+      {
+        "name": "Splunk, Inc.", 
+        "email": "support@splunk.com", 
+        "company": "Splunk, Inc."
+      }
+    ], 
+    "releaseDate": null, 
+    "description": "This app collects vcenter log data", 
+    "classification": {
+      "intendedAudience": null, 
+      "categories": ["IT Operations"], 
+      "developmentStatus": null
+    }, 
+    "commonInformationModels": null, 
+    "license": {
+      "name": "Splunk Software License Agreement", 
+      "text": "license-eula.txt", 
+      "uri": "https://www.splunk.com/en_us/legal/splunk-software-license-agreement.html"
+    }, 
+    "privacyPolicy": {
+      "name": null, 
+      "text": null, 
+      "uri": null
+    }, 
+    "releaseNotes": {
+      "name": "README", 
+      "text": "README", 
+      "uri": "https://docs.splunk.com/Documentation/AddOns/released/VMWvcenterlogs/ReleaseNotes"
+    }
+  }, 
+  "dependencies": null, 
+  "tasks": null, 
+  "inputGroups": null, 
+  "incompatibleApps": null, 
+  "platformRequirements": null, 
+  "supportedDeployments": [
+    "_standalone", 
+    "_distributed",
+    "_search_head_clustering"
+  ], 
+  "targetWorkloads": "*"
+}

deployment-apps/Splunk_TA_vcenter_Other/default/app.conf

@@ -0,0 +1,21 @@
+#
+# Copyright (C) 2005-2021 Splunk Inc. All Rights Reserved. 
+# Splunk app configuration file
+#
+
+[install]
+state = enabled
+is_configured = false
+build= 118
+
+[launcher]
+author=Splunk, Inc.
+description=This app collects vcenter log data  
+version=4.2.1
+
+[ui]
+is_visible = false
+label = Add-on for vCenter logs
+
+[package]
+id= Splunk_TA_vcenter

deployment-apps/Splunk_TA_vcenter_Other/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

deployment-apps/Splunk_TA_vcenter_Other/local/props.conf

@@ -0,0 +1,251 @@
+# Copyright (C) 2005-2021 Splunk Inc. All Rights Reserved. 
+#Splunk Inc.  Splunk for VMWare vCenter Properties File
+#
+#props.conf - This file defines properties for different inputs
+
+#Stanzas defined for Windows vcenter server 6.x
+
+[source::(?-i)...\\VMware\\vCenterServer\\logs\\perfcharts\\stats.log(?:.\d+)?]
+sourcetype = vmware:vclog:stats
+MAX_TIMESTAMP_LOOKAHEAD = 25
+#stats.log contains both single and multi-line events - like java stack traces
+#optional return carriage - for first event - which we discard, then a square bracket and a timestamp
+LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}
+SHOULD_LINEMERGE = false
+TRUNCATE = 0
+
+[source::(?-i)...\\VMware\\vCenterServer\\logs\\vmware-vpx\\vpxd-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = true
+
+[source::(?-i)...\\VMware\\vCenterServer\\logs\\vmware-vpx\\vpxd-alert-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-alert
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = false
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+
+#These files are to be parsed as single line events, always
+[source::(?-i)...\\VMware\\vCenterServer\\logs\\vmware-vpx\\vpxd-profiler-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-profiler
+LINE_BREAKER = ([\r\n]+)
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+MAX_TIMESTAMP_LOOKAHEAD = 25
+DATETIME_CONFIG = CURRENT
+SHOULD_LINEMERGE = false
+EXTRACT-extract_kv_pairs = (?<key>.+)[\s](?<value>[^\s]+)$
+
+[source::(?-i)...\\VMware\\vCenterServer\\logs\\vws\\vws.log(?:.\d+)?]
+sourcetype = vmware:vclog:vws
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+[source::...\\VMware\\Infrastructure\\...]
+sourcetype = vmware:vclog:tomcat
+
+###From VMWare v3.4.5,support for vCenter Server 5.x has ended.###
+#Stanzas defined for Windows vcenter server 5.x
+
+[source::(?-i)...\\VMware VirtualCenter\\Logs\\cim-diag.log(?:.\d+)?]
+sourcetype = vmware:vclog:cim-diag
+MAX_TIMESTAMP_LOOKAHEAD = 25
+SHOULD_LINEMERGE = false
+
+[source::(?-i)...\\VMware VirtualCenter\\Logs\\stats.log(?:.\d+)?]
+sourcetype = vmware:vclog:stats
+MAX_TIMESTAMP_LOOKAHEAD = 25
+#stats.log contains both single and multi-line events - like java stack traces
+#optional return carriage - for first event - which we discard, then a square bracket and a timestamp
+LINE_BREAKER = ([\r\n]+)\[\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3}
+SHOULD_LINEMERGE = false
+TRUNCATE = 0
+
+[source::(?-i)...\\VMware VirtualCenter\\Logs\\vpxd-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = true
+
+[source::(?-i)...\\VMware VirtualCenter\\Logs\\vpxd-alert-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-alert
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = false
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+
+#These files are to be parsed as single line events, always
+[source::(?-i)...\\VMware VirtualCenter\\Logs\\vpxd-profiler-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-profiler
+LINE_BREAKER = ([\r\n]+)
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+MAX_TIMESTAMP_LOOKAHEAD = 25
+DATETIME_CONFIG = CURRENT
+SHOULD_LINEMERGE = false
+EXTRACT-extract_kv_pairs = (?<key>.+)[\s](?<value>[^\s]+)$
+
+[source::(?-i)...\\VMware VirtualCenter\\Logs\\vws.log(?:.\d+)?]
+sourcetype = vmware:vclog:vws
+MAX_TIMESTAMP_LOOKAHEAD = 25
+SHOULD_LINEMERGE = false
+
+#Stanzas defined for Windows vcenter server 5.x and 6.x
+[source::...\\VMware\\...]
+sourcetype = vmware:vclog
+
+#Stanzas defined for Linux Server Appliance 6.x
+
+[source::(?-i).../var/log/vmware/perfcharts/stats.log(?:.\d+)?]
+sourcetype = vmware:vclog:stats
+MAX_TIMESTAMP_LOOKAHEAD = 25
+#stats.log contains both single and multi-line events - like java stack traces
+#optional return carriage - for first event - which we discard, then a square bracket and a timestamp
+LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}
+SHOULD_LINEMERGE = false
+TRUNCATE = 0
+
+[source::(?-i).../var/log/vmware/vpxd/vpxd-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = true
+
+[source::(?-i).../var/log/vmware/vpxd/vpxd-alert-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-alert
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = false
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+
+#These files are to be parsed as single line events, always
+[source::(?-i).../var/log/vmware/vpxd/vpxd-profiler-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-profiler
+LINE_BREAKER = ([\r\n]+)
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+MAX_TIMESTAMP_LOOKAHEAD = 25
+DATETIME_CONFIG = CURRENT
+SHOULD_LINEMERGE = false
+EXTRACT-extract_kv_pairs = (?<key>.+)[\s](?<value>[^\s]+)$
+
+[source::(?-i).../var/log/vmware/vws/...]
+sourcetype = vmware:vclog:vws
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+[source::.../var/log/vmware/...]
+sourcetype = vmware:vclog
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+###From VMWare v3.4.5,support for vCenter Server 5.x has ended.###
+#Stanzas defined for Linux Server Appliance 5.x
+
+[source::(?-i).../var/log/vmware/vpx/cim-diag.log(?:.\d+)?]
+sourcetype = vmware:vclog:cim-diag
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+[source::(?-i).../var/log/vmware/vpx/stats.log(?:.\d+)?]
+sourcetype = vmware:vclog:stats
+MAX_TIMESTAMP_LOOKAHEAD = 25
+#stats.log contains both single and multi-line events - like java stack traces
+#optional return carriage - for first event - which we discard, then a square bracket and a timestamp
+LINE_BREAKER = ([\r\n]+)\[\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3}
+SHOULD_LINEMERGE = false
+TRUNCATE = 0
+
+[source::(?-i).../var/log/vmware/vpx/vpxd-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = true
+
+[source::(?-i).../var/log/vmware/vpx/vpxd-alert-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-alert
+MAX_TIMESTAMP_LOOKAHEAD = 80
+SHOULD_LINEMERGE = false
+LINE_BREAKER = ([\r\n]+\**)\[?\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:[\+\-]\d{2}\:\d{2})?Z?\s+\[?
+
+#These files are to be parsed as single line events, always
+[source::(?-i).../var/log/vmware/vpx/vpxd-profiler-\d+.log(?:.\d+)?]
+sourcetype = vmware:vclog:vpxd-profiler
+LINE_BREAKER = ([\r\n]+)
+# Increase default Truncate value (10000 bytes)
+TRUNCATE = 30000
+MAX_TIMESTAMP_LOOKAHEAD = 25
+DATETIME_CONFIG = CURRENT
+SHOULD_LINEMERGE = false
+EXTRACT-extract_kv_pairs = (?<key>.+)[\s](?<value>[^\s]+)$
+
+[source::(?-i).../var/log/vmware/vpx/vws.log(?:.\d+)?]
+sourcetype = vmware:vclog:vws
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+[source::(?-i).../var/log/vmware/vpx/tomcat/logs/...]
+sourcetype = vmware:vclog:tomcat
+KV_MODE = xml
+FIELDALIAS-generic-field = level as Level, message as Message
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+[source::.../var/log/vmware/vpx/...]
+sourcetype = vmware:vclog
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+[source::(?-i).../var/log/vmware/vpx/sms.log(?:.\d+)?]
+sourcetype = vmware:vclog:sms
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+#Following log files are not available for vcenter server 5.x and 6.x.
+
+[source::(?-i)...\\VMware VirtualCenter\\Logs\\vim-tomcat-shared.log(?:.\d+)?]
+sourcetype = vmware:vclog:vim-tomcat-shared
+MAX_TIMESTAMP_LOOKAHEAD = 25
+
+#Stanza defined for Linux Server Appliance 5.5 and 6.x
+
+[vclog]
+SHOULD_LINEMERGE = false
+TRANSFORMS-vmwvclogsourcetype = set_vclog_sourcetype
+
+# Field Extractions for vCenter logs
+
+[vmware:vclog:vpxd]
+EVAL-Object = coalesce(Object, sub)
+REPORT-vpxd-5x = vc_vpxd_fields_5x
+REPORT-vpxd-6x = vc_vpxd_fields_6x
+TRANSFORMS-null1-5x = vmware_vpxd_level_null_5x
+TRANSFORMS-null1-6x = vmware_vpxd_level_null_6x
+TRANSFORMS-null4 = vmware_vpxd_retrieveContents_null
+TRANSFORMS-null5 = vmware_vpxd_null
+
+[vmware:vclog:vws]
+REPORT-vws-5x = vc_vws_fields_5x
+REPORT-vws-6x = vc_vws_fields_6x
+
+[vmware:vclog:stats]
+REPORT-stats-5x = vc_vws_fields_5x
+REPORT-stats-6x = vc_stats_fields_6x
+
+[vmware:vclog:cim-diag]
+REPORT-cim-5x = vc_cim_fields_5x
+
+[vmware:vclog:sms]
+REPORT-sms = vc_sms_fields
+
+[vmware:vclog:vpxd-profiler]
+TRANSFORMS-null3-5x = vmware_vpxd_level_null_5x
+TRANSFORMS-null3-6x = vmware_vpxd_level_null_6x
+EXTRACT-extract_kv_pairs = (vpxd-profiler\s)?(?<key>.+)[\s](?<value>[^\s]+)
+
+[vmware:vclog:vpxd-alert]
+TRANSFORMS-null2-5x = vmware_vpxd_level_null_5x
+TRANSFORMS-null2-6x = vmware_vpxd_level_null_6x
+
+[vmware:vclog:vim-tomcat-shared]
+REPORT-tomcat = vc_vws_fields_5x
+

deployment-apps/Splunk_TA_vcenter_Other/local/transforms.conf

@@ -0,0 +1,62 @@
+# Copyright (C) 2005-2021 Splunk Inc. All Rights Reserved.
+
+#Sourcetype Extraction
+[set_vclog_sourcetype]
+REGEX = ^([a-z\-]+)
+DEST_KEY = MetaData:Sourcetype
+FORMAT = sourcetype::vmware:vclog:$1
+
+###From VMWare v3.4.5,support for vCenter Server 5.x has ended.###
+# vCenter 5.5 (Linux & Windows) Field Extractions
+
+[vc_vpxd_fields_5x]
+REGEX = \d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}([\+\-\s,][\d\:]{3,5}|Z)\s\[\w+\s+(\w+)\s+\'(\S+)\'(?: opID=([^\s\x00-\x20]+))?\](.*)
+FORMAT = Offset::$1 Level::$2 Object::$3 opID::$4 Message::$5
+
+[vc_vws_fields_5x]
+REGEX = \[\d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s\S+\s*(\S+)\s([^\]]+)\]\s+(.*)
+FORMAT = Level::$1 Object::$2 Message::$3
+
+[vc_cim_fields_5x]
+REGEX = \[\d{4}\-\d{2}\-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s+([^\]]+)\]\s+(.*)
+FORMAT = Object::$1 Message::$2
+
+
+# vCenter 6.x (Linux & Windows) Field Extractions
+
+[vc_vpxd_fields_6x]
+REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}([\+\-\s,][\d\:]{3,5}|Z|)\s(\w+)\s+\S+\[\w+\]\s+\[\S+\s+\S+(?:\s+opID=(\S+))?(?:\s+[^\[\]]+)?\]\s+(.*)
+FORMAT = Offset::$1 Level::$2 opID::$3 Message::$4
+
+[vc_vws_fields_6x]
+REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z|)\s+(\w+)\s+\S+\s+(.*)
+FORMAT = Level::$1 Message::$2
+
+[vc_stats_fields_6x]
+REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s+\[\S+\s+(\S+)\s+([^\]]+)\]\s+(.*)
+FORMAT = Level::$1 Object::$2 Message::$3
+
+[vc_sms_fields]
+REGEX = ^(?:[^\s]+\s+){3}(\w+)\s+([^\s]+)\s+\-\s+(.*)
+FORMAT = Level::$1 Object::$2 Message::$3
+
+#NullQueues
+[vmware_vpxd_level_null_5x]
+DEST_KEY = queue
+FORMAT = nullQueue
+REGEX = \[\w+\s+(?:verbose|trivia)\s+\'(?:[^']+)\'(?: opID=(?:[^\s\x00-\x20]+))?(?:\s\S+)?\](?:.*)
+
+[vmware_vpxd_level_null_6x]
+DEST_KEY = queue
+FORMAT = nullQueue
+REGEX = \d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)\s(?:verbose|trivia)\s+\S+\[\w+\]\s+\[\S+\s+\S+(?:\s+opID=(?:\S+))?(?:\s+[^\[\]]+)?\]\s+(?:.*)
+
+[vmware_vpxd_retrieveContents_null]
+DEST_KEY = queue
+FORMAT = nullQueue
+REGEX = \[?\d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)?\s\[?(?:\w+\s)?info.*?task-internal.*?vmodl\.query\.PropertyCollector\.retrieveContents
+
+[vmware_vpxd_null]
+DEST_KEY = queue
+FORMAT = nullQueue
+REGEX = \[?\d{4}-\d{2}-\d{2}[T\s][\d\:\.]{8,15}(?:[\+\-\s,][\d\:]{3,5}|Z)?\s\[?(?:\w+\s)?(?:verbose|trivia|info.*?task-internal.*?vmodl\.query\.PropertyCollector\.retrieveContents)

deployment-apps/Splunk_TA_vcenter_Other/metadata/default.meta

@@ -0,0 +1,11 @@
+## shared Application-level permissions
+[]
+access = read : [ * ], write : [ admin ]
+export = system
+
+[savedsearches]
+owner = admin
+
+## Exclude export of custom alert actions
+[alert_actions/email]
+export = none

deployment-apps/Splunk_TA_vcenter_Other/splunkbase.manifest

@@ -0,0 +1,107 @@
+{
+  "version": "1.0",
+  "date": "2022-11-12T09:24:48.706112615Z",
+  "hashAlgorithm": "SHA-256",
+  "app": {
+    "id": 5601,
+    "version": "4.2.1",
+    "files": [
+      {
+        "path": "app.manifest",
+        "hash": "088f33c1fcca3213a5bde3af2fc649071772a804b07d3a62d43148cc174131a8"
+      },
+      {
+        "path": "default/app.conf",
+        "hash": "ee5045d039fd18bf818e11ca3d0d79adac5bdddba92bc29b1d4b0aae2bcd9b22"
+      },
+      {
+        "path": "default/inputs.conf",
+        "hash": "331dcd58605d844b519ae4ac4f050fb0694614d7ad1fbcab75c5833d202ec4ee"
+      },
+      {
+        "path": "default/props.conf",
+        "hash": "b959cebe81a491bc96af3417c426f660bce926210443b396b2d01a778940a04f"
+      },
+      {
+        "path": "default/transforms.conf",
+        "hash": "488538e99135c46fba1c6e12189d0bf62f936c722c772d472fff751eeb700978"
+      },
+      {
+        "path": "license-eula.rtf",
+        "hash": "8bc3fc5f9908c20081d3569b9d84114bcec6371acc520ee7324abf39e8107c73"
+      },
+      {
+        "path": "license-eula.txt",
+        "hash": "14a0a52e51f8d42465e5bc56d07b6f4ea6e0a159a96fb574410a0de0e700fdba"
+      },
+      {
+        "path": "metadata/default.meta",
+        "hash": "dcb9ea46d5f6697b8147ab2f85fcc4fc09149f8b5a8b657dcbbb6a9a9b513fe8"
+      },
+      {
+        "path": "README",
+        "hash": "6fb8700b3e87520cb9ea3a379ecfb6e6e31189b09fb43247ab3f7ffd0a899c3e"
+      },
+      {
+        "path": "static/appIcon_2x.png",
+        "hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c"
+      },
+      {
+        "path": "static/appIcon.png",
+        "hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a"
+      },
+      {
+        "path": "static/appIconAlt_2x.png",
+        "hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c"
+      },
+      {
+        "path": "static/appIconAlt.png",
+        "hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a"
+      }
+    ]
+  },
+  "products": [
+    {
+      "platform": "splunk",
+      "product": "enterprise",
+      "versions": [
+        "8.0",
+        "8.1",
+        "8.2",
+        "9.0"
+      ],
+      "architectures": [
+        "x86_64"
+      ],
+      "operatingSystems": [
+        "windows",
+        "linux",
+        "macos",
+        "freebsd",
+        "solaris",
+        "aix"
+      ]
+    },
+    {
+      "platform": "splunk",
+      "product": "cloud",
+      "versions": [
+        "8.0",
+        "8.1",
+        "8.2",
+        "9.0"
+      ],
+      "architectures": [
+        "x86_64"
+      ],
+      "operatingSystems": [
+        "windows",
+        "linux",
+        "macos",
+        "freebsd",
+        "solaris",
+        "aix"
+      ]
+    }
+  ]
+}