admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit with deployment server deployment apps

Browse Source
master
Splunk User 3 years ago
parent bcd5d13a88
commit d7abf6cbce
78 changed files with 1392 additions and 0 deletions
Show Stats Download Patch File Download Diff File

0
.ui_login
Unescape View File

225
datetime.xml
Unescape View File

@ -0,0 +1,225 @@
<!-- Version 5.0 -->
<!-- datetime.xml -->
<!-- This file contains the general formulas for parsing date/time formats. -->
<datetime>
<define name="_year" extract="year">
<text><![CDATA[(20\d\d|19\d\d|[9012]\d(?!\d))]]></text>
</define>
<define name="_month" extract="month">
<text><![CDATA[(0?[1-9]|1[012])(?!:)]]></text>
</define>
<define name="_litmonth" extract="litmonth">
<text><![CDATA[(?<![\d\w])(jan|\x{4E00}\x{6708}|feb|\x{4E8C}\x{6708}|mar|\x{4E09}\x{6708}|apr|\x{56DB}\x{6708}|may|\x{4E94}\x{6708}|jun|\x{516D}\x{6708}|jul|\x{4E03}\x{6708}|aug|\x{516B}\x{6708}|sep|\x{4E5D}\x{6708}|oct|\x{5341}\x{6708}|nov|\x{5341}\x{4E00}\x{6708}|dec|\x{5341}\x{4E8C}\x{6708})[a-z,\.;]*]]></text>
</define>
<define name="_allmonth" extract="litmonth, month">
<text><![CDATA[(?:]]></text>
<use name="_litmonth"/>
<text><![CDATA[|]]></text>
<use name="_month"/>
<text><![CDATA[)]]></text>
</define>
<define name="_day" extract="day">
<text><![CDATA[(0?[1-9]|[12]\d|3[01])]]></text>
</define>
<define name="_usday" extract="day">
<use name="_day"/>
<text><![CDATA[(?:st|nd|rd|th|[,\.;])?]]></text>
</define>
<define name="_hour" extract="hour">
<text><![CDATA[([01]?[0-9]|[012][0-3])(?!\d)]]></text>
</define>
<define name="_minute" extract="minute">
<text><![CDATA[([0-6]\d)(?!\d)]]></text>
</define>
<define name="_second" extract="second">
<text><![CDATA[([0-6]\d)(?!\d)]]></text>
</define>
<define name="_zone" extract="zone">
<text><![CDATA[((?:(?:UT|UTC|GMT(?![+-])|CET|CEST|CETDST|MET|MEST|METDST|MEZ|MESZ|EET|EEST|EETDST|WET|WEST|WETDST|MSK|MSD|IST|JST|KST|HKT|AST|ADT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|CAST|CADT|EAST|EADT|WAST|WADT|Z)|(?:GMT)?[+-]\d\d?:?(?:\d\d)?)(?!\w))?]]></text>
</define>
<define name="_ampm" extract="ampm">
<text><![CDATA[([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348})?]]></text>
</define>
<define name="_time" extract="hour, minute, second, subsecond, ampm, zone">
<text><![CDATA[(?<!\d)]]></text>
<use name="_hour"/>
<text><![CDATA[:]]></text>
<use name="_minute"/>
<text><![CDATA[:]]></text>
<use name="_second"/>
<text><![CDATA[(?:(?: \d{4})?[:,\.](\d+))? {0,2}]]></text>
<use name="_ampm"/>
<text><![CDATA[ {0,2}]]></text>
<use name="_zone"/>
<text><![CDATA[(?!:\d)]]></text>
</define>
<define name="_hmtime" extract="hour, minute, ampm">
<text><![CDATA[(?<!\d)]]></text>
<use name="_hour"/>
<text><![CDATA[:]]></text>
<use name="_minute"/>
<text><![CDATA[(?: ([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348}))?(?!:[:\d])]]></text>
</define>
<define name="_dottime" extract="hour, minute, second, subsecond, zone">
<text><![CDATA[(?<![\d\.])([01]\d|2[0-3])\.]]></text>
<use name="_minute"/>
<text><![CDATA[(?:\.?]]></text>
<use name="_second"/>
<text><![CDATA[(?:[:,]\d+)?(?:\.(\d\d\d\d+))?) {0,2}]]></text>
<use name="_zone"/>
<text><![CDATA[(?![0-9\.])]]></text>
</define>
<define name="_combdatetime" extract="year, month, day, hour, minute, second, subsecond">
<!-- ... 20060502-000002 GMT ... -->
<text><![CDATA[(?<![\d\.])(20\d\d)(0\d|1[012])([012]\d|3[01])[.-]?([01]\d|2[0123])([0-6]\d)([0-6]\d)(?:\.?(\d+))?]]>\s*</text>
<use name="_zone"/>
</define>
<define name="_combdatetime2" extract="year, ignored_sep, month, day, hour, minute, second, zone">
<!-- ... 2007-3-22 0:0:2 GMT ...' -->
<!-- ... 2007/3/22 0:0:2 GMT ...' -->
<text><![CDATA[(?<![\d\.])(20\d\d)([-/])([01]?\d)\2([012]?\d|3[01])\s+([012]?\d):([0-6]?\d):([0-6]?\d)]]>\s*</text>
<use name="_zone"/>
</define>
<define name="_usdate" extract="litmonth, month, ignored_sep, day, zone, ignored_sep2, year">
<text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
<use name="_allmonth"/>
<text><![CDATA[([/\- ]) {0,2}]]></text>
<use name="_day"/>
<text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
<use name="_zone"/>
<text><![CDATA[)?((?:\3|,) {0,2}]]></text>
<use name="_year"/>
<text><![CDATA[)?(?!/|\w|\.\d)]]></text>
</define>
<!-- Jan 21, 09. allows spaces with litmonth only -->
<define name="_usdate1" extract="litmonth, ignored_sep, day, zone, ignored_sep2, year">
<text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
<use name="_litmonth"/>
<text><![CDATA[([/\- ]) {0,2}]]></text>
<use name="_day"/>
<text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
<use name="_zone"/>
<text><![CDATA[)?((?:\2|,) {0,2}]]></text>
<use name="_year"/>
<text><![CDATA[)?(?!/|\w|\.\d)]]></text>
</define>
<!-- 10/21/09. doesn't allow spaces (e.g. 10 21 09) with numeric month -->
<define name="_usdate2" extract="month, ignored_sep, day, zone, ignored_sep2, year">
<text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
<use name="_month"/>
<text><![CDATA[([/\-])]]></text>
<use name="_day"/>
<text><![CDATA[(?!:)(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
<use name="_zone"/>
<text><![CDATA[)?((?:\2)]]></text>
<use name="_year"/>
<text><![CDATA[)?(?!/|\w|\.\d)]]></text>
</define>
<define name="_isodate" extract="year, ignored_sep, litmonth, month, day">
<text><![CDATA[(?<![\w\d])]]></text>
<use name="_year"/>
<text><![CDATA[([\./\- ])]]></text>
<use name="_allmonth"/>
<text><![CDATA[(?!\d)(?:[\./\- ] {0,2})?]]></text>
<use name="_day"/>
<text><![CDATA[(?!/)(?:(?=T)|(?!\w)(?!\.\d))]]></text>
</define>
<!-- eurodate format. period/dot delim separated out to eurodate2 -->
<define name="_eurodate1" extract="day, ignored_sep, litmonth, month, year">
<text><![CDATA[(?<![\w\.])]]></text>
<use name="_usday"/>
<text><![CDATA[([\- /]) {0,2}]]></text>
<use name="_allmonth"/>
<text><![CDATA[\2 {0,2}]]></text>
<use name="_year"/>
<text><![CDATA[(?![\w\.])]]></text>
</define>
<!-- just period/dot delimiter. do not allow any spaces after dots (e.g. "version 5.4. 10" -->
<define name="_eurodate2" extract="day, litmonth, month, year">
<text><![CDATA[(?<![\w\.])]]></text>
<use name="_usday"/>
<text><![CDATA[\.]]></text>
<use name="_allmonth"/>
<text><![CDATA[\.]]></text>
<use name="_year"/>
<text><![CDATA[(?![\w\.])]]></text>
</define>
<define name="_bareurlitdate" extract="day, litmonth, year">
<text><![CDATA[(\d\d?)\|\|(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\|\|(20\d\d)]]></text>
</define>
<define name="_orddate" extract="year, ord">
<text><![CDATA[\s([01]\d)([0123]\d\d)\s]]></text>
</define>
<!-- due to high number of false positive matches, this format is
limited to special cases. either at the start of a line or in
filename matches only, by prefixing with a "source::" -->
<!-- don't allow multiple spaces after mashed date. indicates number in column -->
<define name="_masheddate" extract="year, month, day">
<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.|-)(?:20)?([9012]\d)(0\d|1[012])([012]\d|3[01])(?!\d|-| {2,})]]></text>
</define>
<define name="_masheddate2" extract="month, day, year">
<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.)(0\d|1[012])([012]\d|3[01])(?:20)?([9012]\d)(?!\d| {2,})]]></text>
</define>
<define name="_utcepoch" extract="utcepoch, subsecond">
<!-- update regex before '2030' -->
<text><![CDATA[((?<=^|[\s#,"=\(\[\|\{])(?:1[012345678])\d{8}|^@[\da-fA-F]{16,24})(?:\.?(\d{1,6}))?(?![\d\(])]]></text>
</define>
<timePatterns>
<use name="_time"/>
<use name="_hmtime"/>
<use name="_hmtime"/>
<use name="_dottime"/>
<use name="_combdatetime"/>
<use name="_utcepoch"/>
<use name="_combdatetime2"/>
</timePatterns>
<datePatterns>
<use name="_usdate1"/>
<use name="_usdate2"/>
<use name="_isodate"/>
<use name="_eurodate1"/>
<use name="_eurodate2"/>
<use name="_bareurlitdate"/>
<use name="_orddate"/>
<use name="_combdatetime"/>
<use name="_masheddate"/>
<use name="_masheddate2"/>
<use name="_combdatetime2"/>
</datePatterns>
</datetime>

11
deployment-apps/01-Conf_license_slave/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Configure instance as License Slave
[package]
id = Conf_license_slave
[ui]
is_visible = false

9
deployment-apps/01-Conf_license_slave/default/server.conf
Unescape View File

@ -0,0 +1,9 @@
# In distributed environments, it's common to have a lone search head acting
# as the license master as well. In this configuration, providing the URI
# of the license master is easiest within the indexer_base configuration.
# In the event that there are multiple search heads, you could instead use
# the org_all_license app, shipped to the non-license SH, as well as all of
# the indexers. In either event, the settings are the same.
[license]
master_uri = https://SRVLM01.jpit.com:8089

1
deployment-apps/01-Conf_license_slave/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

11
deployment-apps/01-idx_kvstore_base/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Disable Kvstore on Indexers
[package]
id = edf_idx_kvstore_base
[ui]
is_visible = false

4
deployment-apps/01-idx_kvstore_base/default/server.conf
Unescape View File

@ -0,0 +1,4 @@
# kvstore not needed on indexers, let's disable it
# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
[kvstore]
disabled = true

1
deployment-apps/01-idx_kvstore_base/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

11
deployment-apps/01-idx_receiver_port/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Enable receiving on Indexer layer
[package]
id = edf_idx_receiver_port
[ui]
is_visible = false

1
deployment-apps/01-idx_receiver_port/default/inputs.conf
Unescape View File

@ -0,0 +1 @@
[splunktcp://9997]

1
deployment-apps/01-idx_receiver_port/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

BIN
deployment-apps/01-idx_volume_indexes/.DS_Store vendored
View File

Binary file not shown.

11
deployment-apps/01-idx_volume_indexes/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Contient la configuration des volumes de données
[package]
id = edf_idx_volume_indexes
[ui]
is_visible = false

7
deployment-apps/01-idx_volume_indexes/default/indexes.conf
Unescape View File

@ -0,0 +1,7 @@
[volume:primary]
path = /data/splunk_data
maxVolumeDataSizeMB = 60000
[volume:secondary]
path = /data_cold/splunk_data
maxVolumeDataSizeMB = 240000

1
deployment-apps/01-idx_volume_indexes/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

3
deployment-apps/01-idx_volume_indexes/metadata/local.meta
Unescape View File

@ -0,0 +1,3 @@
[]
access = read : [ * ], write : [ admin ]
export = system

BIN
deployment-apps/01-idx_web_base/.DS_Store vendored
View File

Binary file not shown.

11
deployment-apps/01-idx_web_base/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = Mattys Hervé (OBS)
description = Disable Web access on Indexers
[package]
id = odin_idx_web_base
[ui]
is_visible = false

12
deployment-apps/01-idx_web_base/default/web.conf
Unescape View File

@ -0,0 +1,12 @@
# In larger environments, where there are more than, say, three indexers,
# it's common to disable the Splunk UI. This helps avoid configuration issues
# caused by logging in to the UI to do something directly via the manager,
# as well as saving some system resources.
[settings]
startwebserver = 0
# avoid timeout when indexer loaded
splunkdConnectionTimeout = 120

1
deployment-apps/01-idx_web_base/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

11
deployment-apps/02-M-TIC_CM/local/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
author = VABOS
description = Configure Distributed Search for Monitoring Console
version = 1.0
[package]
id = MAQ_M-TIC_DSMC
[ui]
is_visible = false

19
deployment-apps/02-M-TIC_CM/local/distsearch.conf
Unescape View File

@ -0,0 +1,19 @@
[distributedSearch:dmc_group_search_head]
servers = localhost:localhost
[distributedSearch:dmc_group_cluster_master]
[distributedSearch:dmc_group_license_master]
[distributedSearch:dmc_group_deployment_server]
[distributedSearch:dmc_group_indexer]
default = false
servers = SRVIDX01.jpit.com:8089,SRVIDX02.jpit.com:8089
[distributedSearch:dmc_group_shc_deployer]
[distributedSearch:dmc_group_kv_store]
[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
servers = localhost:localhost,SRVIDX01.jpit.com:8089,SRVIDX02.jpit.com:8089

11
deployment-apps/02-M-TIC_all_forwarding_outputs/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0
author = VABOS
description = Enable forwarding to Indexer layer
[package]
id = m-tic_all_forwarding_outputs
[ui]
is_visible = false

12
deployment-apps/02-M-TIC_all_forwarding_outputs/default/outputs.conf
Unescape View File

@ -0,0 +1,12 @@
# BASE SETTINGS
[tcpout]
# Change here to specify the indexer group
defaultGroup = m-tic_indexer
maxQueueSize = 7MB
useACK = true
forceTimebasedAutoLB = true
[tcpout:m-tic_indexer]
server = SRVIDX01.jpit.com:9997, SRVIDX02.jpit.com:9997
~

1
deployment-apps/02-M-TIC_all_forwarding_outputs/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

9
deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false

4
deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf
Unescape View File

@ -0,0 +1,4 @@
[monitor:///var/rsyslog/*/catchother/*/*/*.log]
disabled = false
index = idx_m-tic_catchall
sourcetype = catchall

3
deployment-apps/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta
Unescape View File

@ -0,0 +1,3 @@
[]
access = read : [ * ], write : [ admin ]
export = system

9
deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false

4
deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf
Unescape View File

@ -0,0 +1,4 @@
[monitor:///var/rsyslog/*/cisco/.../*.log]
disabled = false
index = idx_m-tic_cisco
sourcetype = cisco

3
deployment-apps/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta
Unescape View File

@ -0,0 +1,3 @@
[]
access = read : [ * ], write : [ admin ]
export = system

9
deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_update = false
[ui]
is_visible = false
is_manageable = false

12
deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf
Unescape View File

@ -0,0 +1,12 @@
[tcpout]
defautlGroup = primary_indexers
maxQueuSize = 100MB
useACK = true
forceTimebaseAutoLB = true
forwardedindex.2.whitelist = (_audit|_introspection|_internal)
[tcpout:primary_indexers]
server = SRVIDX01.jpit.com:9997, SRVIDX02.jpit.com:9997
#clientCert = $SPLUNK_HOME/etc/auth/server.pem
#sslPassword =

2
deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/server.conf
Unescape View File

@ -0,0 +1,2 @@
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem

11
deployment-apps/02-M-TIC_cluster_master_base/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Configure Cluster Master
[package]
id = M-TIC_cluster_master_base
[ui]
is_visible = false

5
deployment-apps/02-M-TIC_cluster_master_base/default/server.conf
Unescape View File

@ -0,0 +1,5 @@
[clustering]
cluster_label = Cluster_M-TIC
mode = master
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
replication_factor = 2

1
deployment-apps/02-M-TIC_cluster_master_base/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

9
deployment-apps/02-M-TIC_deployer_base/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_update = false
[ui]
is_visible = false
is_manageable = false

3
deployment-apps/02-M-TIC_deployer_base/local/server.conf
Unescape View File

@ -0,0 +1,3 @@
[shclustering]
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
shcluster_label = M-TIC_shcluster

9
deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false

4
deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf
Unescape View File

@ -0,0 +1,4 @@
[monitor:///var/rsyslog/*/esxi/*/*/*.log]
disabled = false
index = idx_m-tic_esxi
sourcetype = esxi

3
deployment-apps/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta
Unescape View File

@ -0,0 +1,3 @@
[]
access = read : [ * ], write : [ admin ]
export = system

9
deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false

4
deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf
Unescape View File

@ -0,0 +1,4 @@
[monitor:///var/rsyslog/*/fortigate/*/*/*.log]
disabled = false
index = idx_m-tic_fortigate
sourcetype = fortigate

3
deployment-apps/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta
Unescape View File

@ -0,0 +1,3 @@
[]
access = read : [ * ], write : [ admin ]
export = system

BIN
deployment-apps/02-M-TIC_idx_cluster_base/.DS_Store vendored
View File

Binary file not shown.

11
deployment-apps/02-M-TIC_idx_cluster_base/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Configure default clustering options on Indexers
[package]
id = M-TIC_idx_cluster_base
[ui]
is_visible = false

2
deployment-apps/02-M-TIC_idx_cluster_base/default/fields.conf
Unescape View File

@ -0,0 +1,2 @@
[edfZone]
INDEXED = true

6
deployment-apps/02-M-TIC_idx_cluster_base/default/server.conf
Unescape View File

@ -0,0 +1,6 @@
[replication_port://9100]
[clustering]
manager_uri = https://SRVCLM01.jpit.com:8089
mode = peer
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=

1
deployment-apps/02-M-TIC_idx_cluster_base/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

11
deployment-apps/02-M-TIC_idx_indexes_base/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Configure default optimisation on Indexers
[package]
id = edf_idx_indexes_base
[ui]
is_visible = false

65
deployment-apps/02-M-TIC_idx_indexes_base/default/indexes.conf
Unescape View File

@ -0,0 +1,65 @@
[default]
thawedPath = $SPLUNK_DB/$_index_name/thaweddb
coldPath = volume:secondary/$_index_name/colddb
homePath = volume:primary/$_index_name/db
tstatsHomePath = volume:primary/$_index_name/datamodel_summary
tsidxWritingLevel = 4
journalCompression = zstd
enableDataIntegrityControl = 0
enableTsidxReduction = 0
archiver.enableDataArchive = 0
compressRawdata = 1
enableOnlineBucketRepair = 1
rtRouterQueueSize =
rtRouterThreads =
selfStorageThreads =
suspendHotRollByDeleteQuery = 0
syncMeta = 1
maxTotalDataSizeMB = 5000
[idx_m-tic_windows]
[idx_m-tic_fortigate]
[idx_m-tic_linux]
[idx_m-tic_esxi]
[vmware-esxilog]
[vmware-perf-metrics]
datatype = metric
[vmware-inv]
[vmware-taskevent]
[vmware-vclog]
[idx_m-tic_alcatel]
[idx_m-tic_cisco]
[idx_m-tic_switch]
[idx_m-tic_catchall]
[idx_m-tic_catchother]
[idx_m-tic_other]
[idx_m-tic_glpi]
[idx_m-tic_glpi_vm]
[idx_m-tic_glpi_kb]
[idx_m-tic_glpi_sep]
[idx_m-tic_glpi_obsolescence]
[idx_m-tic_genetec_sc]
[idx_ldap]
[idx_m-tic_synology]

1
deployment-apps/02-M-TIC_idx_indexes_base/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

9
deployment-apps/02-M-TIC_linux_forwarders_inputs/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false

5
deployment-apps/02-M-TIC_linux_forwarders_inputs/local/inputs.conf
Unescape View File

@ -0,0 +1,5 @@
[monitor:///var/rsyslog/*/linux/.../*.log]
disabled = 0
host_segment = 6
index = idx_m-tic_linux
sourcetype = syslog_linux

3
deployment-apps/02-M-TIC_linux_forwarders_inputs/metadata/local.meta
Unescape View File

@ -0,0 +1,3 @@
[]
access = read : [ * ], write : [ admin ]
export = system

9
deployment-apps/02-M-TIC_sh_cluster_base/default/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false

0
deployment-apps/02-M-TIC_sh_cluster_base/default/authorize.conf
Unescape View File

0
deployment-apps/02-M-TIC_sh_cluster_base/default/fields.conf
Unescape View File

17
deployment-apps/02-M-TIC_sh_cluster_base/default/server.conf
Unescape View File

@ -0,0 +1,17 @@
[clustering]
mode = searchhead
manager_uri = clustermanager:one
[clustermanager:one]
manager_uri = https://SRVCLM01.jpit.com:8089
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
multisite = false
[shclustering]
shcluster_label = M-TIC_shcluster
conf_deploy_fetch_url = https://SRVDSMC.jpit.com:8089
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
[httpServer]
maxThreads = 150000
maxSockets = 250000

1
deployment-apps/02-M-TIC_sh_cluster_base/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

3
deployment-apps/02-M-TIC_sh_cluster_base/metadata/default.meta
Unescape View File

@ -0,0 +1,3 @@
[]
acces = read : [ * ], write : [ admin ]
export = system

11
deployment-apps/02-M-TIC_sh_idxcluster_base/default/app.conf
Unescape View File

@ -0,0 +1,11 @@
[launcher]
version = 1.0.0
author = VABOS
description = Configure Search Head for IDX Clustering
[package]
id = M-TIN_sh_idxcluster_base
[ui]
is_visible = false

9
deployment-apps/02-M-TIC_sh_idxcluster_base/default/server.conf
Unescape View File

@ -0,0 +1,9 @@
[general]
site = site2
[clustering]
multisite = true
master_uri = https://SRVCLM01.jpit.com:8089
mode = searchhead
pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza

1
deployment-apps/02-M-TIC_sh_idxcluster_base/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

9
deployment-apps/02-M-TIC_sh_volume_indexes/default/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_update = false
[ui]
is_visible = false
is_manageable = false

6
deployment-apps/02-M-TIC_sh_volume_indexes/default/indexes.conf
Unescape View File

@ -0,0 +1,6 @@
# One Volume for Hot and Cold
[volume:primary]
path = /opt/splunk/var/lib/splunk
[volume:secondary]
path = /opt/splunk/var/lib/splunk

1
deployment-apps/02-M-TIC_sh_volume_indexes/local/app.conf
Unescape View File

@ -0,0 +1 @@
# Autogenerated file

9
deployment-apps/02-M-TIC_windows_forwarders_inputs/local/app.conf
Unescape View File

@ -0,0 +1,9 @@
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false

7
deployment-apps/02-M-TIC_windows_forwarders_inputs/local/inputs.conf
Unescape View File

@ -0,0 +1,7 @@
[WinEventLog]
interval=60
evt_resolve_ad_obj = 0
evt_dc_name=
evt_dns_name=
index = idx_m-tic_windows
sourcetype = events_windows

3
deployment-apps/02-M-TIC_windows_forwarders_inputs/metadata/local.meta
Unescape View File

@ -0,0 +1,3 @@
[]
access = read : [ * ], write : [ admin ]
export = system

30
deployment-apps/For_MC/local/distsearch.conf
Unescape View File

@ -0,0 +1,30 @@
[distributedSearch:dmc_group_cluster_master]
servers = SRVCLM01.jpit.com:8089
[distributedSearch:dmc_group_deployment_server]
servers = localhost:localhost
[distributedSearch:dmc_group_kv_store]
servers = SRVCLM01.jpit.com:8089,SRVSH01.jpit.com:8089,SRVSH02.jpit.com:8089
[distributedSearch:dmc_group_search_head]
servers = SRVSH01.jpit.com:8089,SRVSH02.jpit.com:808
[distributedSearch:dmc_group_indexer]
default = true
servers = SRVIDX01.jpit.com:8089,SRVIDX02.jpit.com:8089
[distributedSearch:dmc_group_shc_deployer]
servers = localhost:localhost
[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
servers = SRVIDX01.jpit.com:8089,SRVIDX02.jpit.com:8089,SRVCLM01.jpit.com:8089,SRVSH01.jpit.com:8089,SRVSH02.jpit.com:8089
[distributedSearch:dmc_group_license_master]
servers = SRVLM01.jpit.com:8089
[distributedSearch:dmc_searchheadclustergroup_M-TIC_shcluster]
servers = localhost:localhost,SRVSH01.jpit.com:8089,SRVSH02.jpit.com:8089
[distributedSearch]
servers = https://SRVCLM01.jpit.com:8089,https://SRVLM01.jpit.com:8089,https://SRVSH01.jpit.com:8089,https://SRVSH02.jpit.com:8089

1
deployment-apps/For_MC/local/health.conf
Unescape View File

@ -0,0 +1 @@
[distributed_health_reporter]

6
deployment-apps/README
Unescape View File

@ -0,0 +1,6 @@
This directory is the default repository location for deployable apps in a deployment server
configuration.
For details on configuring as a deployment server, see
$SPLUNK_HOME/etc/system/README/serverclass.conf.spec, serverclass.conf.example or the Admin manual
at http://docs.splunk.com/Documentation.

4
deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
Unescape View File

@ -0,0 +1,4 @@
[settings]
mc_auto_config = enabled
disabled = 0
configuredPeers = SRVSH01.jpit.com:8089,SRVSH02.jpit.com:8089,SRVIDX01.jpit.com:8089,SRVIDX02.jpit.com:8089,SRVLM01.jpit.com:8089,SRVCLM01.jpit.com:8089

632
searchLanguage.xml
Unescape View File

@ -0,0 +1,632 @@
<!-- Version 4.0 -->
<language>
<options>
<useAdvancedQuery>false</useAdvancedQuery>
</options>
<controls>
<control>
<token>SEARCH</token>
<modules>
<module>
<name>savedSplunkLoader</name>
<requiredArgs>
<arg>savedsplunk</arg>
</requiredArgs>
</module>
<module>
<name>savedSplunkLoader</name>
<requiredArgs>
<arg>savedsearch</arg>
</requiredArgs>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>startdaysago</arg>
</requiredArgs>
<defaults>
<startdaysago>1</startdaysago>
</defaults>
</module>
<module>
<name>sortmeta</name>
<requiredArgs>
<arg>sort</arg>
</requiredArgs>
<optionalArgs>
<arg>order</arg>
</optionalArgs>
</module>
<module>
<name>lastby</name>
<requiredArgs>
<arg>lastby</arg>
</requiredArgs>
</module>
<module>
<name>readtimeout</name>
<requiredArgs>
<arg>readtimeout</arg>
</requiredArgs>
<defaults>
<readtimeout>5</readtimeout>
</defaults>
</module>
<module>
<name>queryid</name>
<requiredArgs>
<arg>queryid</arg>
</requiredArgs>
</module>
<module>
<name>sortorder</name>
<requiredArgs>
<arg>!resultsetsortby</arg>
</requiredArgs>
</module>
<module>
<name>readlevel</name>
<requiredArgs>
<arg>readlevel</arg>
</requiredArgs>
</module>
<module>
<name>readlimit</name>
<requiredArgs>
<arg>readlimit</arg>
</requiredArgs>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>startminutesago</arg>
</requiredArgs>
<defaults>
<startminutesago>1</startminutesago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>starthoursago</arg>
</requiredArgs>
<defaults>
<starthoursago>1</starthoursago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>startmonthsago</arg>
</requiredArgs>
<defaults>
<startmonthsago>1</startmonthsago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>enddaysago</arg>
</requiredArgs>
<defaults>
<enddaysago>1</enddaysago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>endminutesago</arg>
</requiredArgs>
<defaults>
<endminutesago>1</endminutesago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>endhoursago</arg>
</requiredArgs>
<defaults>
<endhoursago>1</endhoursago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>endmonthsago</arg>
</requiredArgs>
<defaults>
<endmonthsago>1</endmonthsago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>searchtimespanhours</arg>
</requiredArgs>
<defaults>
<searchtimespanhours>1</searchtimespanhours>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>searchtimespanminutes</arg>
</requiredArgs>
<defaults>
<searchtimespanminutes>1</searchtimespanminutes>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>searchtimespandays</arg>
</requiredArgs>
<defaults>
<searchtimespandays>1</searchtimespandays>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>searchtimespanmonths</arg>
</requiredArgs>
<defaults>
<searchtimespanmonths>1</searchtimespanmonths>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>starttime</arg>
</requiredArgs>
<optionalArgs>
<arg>timeformat</arg>
</optionalArgs>
<defaults>
<starttime>12/31/1969:16:00:00</starttime>
<timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>endtime</arg>
</requiredArgs>
<optionalArgs>
<arg>timeformat</arg>
</optionalArgs>
<defaults>
<endtime>12/31/2022:16:00:00</endtime>
<timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>starttimeu</arg>
</requiredArgs>
<defaults>
<starttimeu>0</starttimeu>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>endtimeu</arg>
</requiredArgs>
<defaults>
<endtimeu>1672531200</endtimeu>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>daysago</arg>
</requiredArgs>
<defaults>
<daysago>1</daysago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>minutesago</arg>
</requiredArgs>
<defaults>
<minutesago>1</minutesago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>hoursago</arg>
</requiredArgs>
<defaults>
<hoursago>1</hoursago>
</defaults>
</module>
<module>
<name>time</name>
<requiredArgs>
<arg>monthsago</arg>
</requiredArgs>
<defaults>
<monthsago>1</monthsago>
</defaults>
</module>
<module>
<name>maxtime</name>
<requiredArgs>
<arg>maxtime</arg>
</requiredArgs>
<defaults>
<maxtime>60</maxtime>
</defaults>
</module>
<module>
<name>countSetter</name>
<requiredArgs>
<arg>maxevents</arg>
</requiredArgs>
<defaults>
<maxevents>typeahead_suppress</maxevents>
</defaults>
</module>
<module>
<name>eventtypeResolver</name>
<requiredArgs>
<arg>eventtype</arg>
</requiredArgs>
</module>
<module>
<name>eventtypeResolver</name>
<requiredArgs>
<arg>tag</arg>
</requiredArgs>
</module>
<module>
<name>eventtypeResolver</name>
<requiredArgs>
<arg>typetag</arg>
</requiredArgs>
</module>
<module>
<name>eventtypeResolver</name>
<requiredArgs>
<arg>eventtypetag</arg>
</requiredArgs>
</module>
<module>
<name>hosttagResolver</name>
<requiredArgs>
<arg>hosttag</arg>
</requiredArgs>
</module>
<module>
<name>sourcetypeResolver</name>
<requiredArgs>
<arg>sourcetype</arg>
</requiredArgs>
</module>
<module>
<name>domainFinder</name>
<requiredArgs>
<arg>index</arg>
</requiredArgs>
</module>
<module>
<name>connectedbytype</name>
<requiredArgs>
<arg>relatedbytype</arg>
</requiredArgs>
<optionalArgs>
<arg>minrelationbytype</arg>
</optionalArgs>
</module>
<module>
<name>historyuser</name>
<requiredArgs>
<arg>user</arg>
</requiredArgs>
</module>
<module>
<name>regexFilter</name>
<requiredArgs>
<arg>grep</arg>
</requiredArgs>
</module>
<module>
<name>debugCommand</name>
<requiredArgs>
<arg>!++cmd++</arg>
</requiredArgs>
<optionalArgs>
<arg>!++param1++</arg>
<arg>!++param2++</arg>
</optionalArgs>
</module>
</modules>
</control>
<control>
<token>GET</token>
<modules>
<module>
<name>eventGetter</name>
<requiredArgs>
<arg>events</arg>
</requiredArgs>
<optionalArgs>
<arg>summarize</arg>
</optionalArgs>
<requiredControls>
<token>SEARCH</token>
</requiredControls>
</module>
<module>
<name>timebucketsGetter</name>
<requiredArgs>
<arg>timebuckets</arg>
</requiredArgs>
<requiredControls>
<token>SEARCH</token>
</requiredControls>
</module>
<module>
<name>reportGetter</name>
<requiredArgs>
<arg>report</arg>
</requiredArgs>
</module>
<module>
<name>typeGetter</name>
<requiredArgs>
<arg>types</arg>
</requiredArgs>
<optionalArgs>
<arg>samplesfortypes</arg>
</optionalArgs>
</module>
<module>
<name>searchGetter</name>
<requiredArgs>
<arg>searches</arg>
</requiredArgs>
<optionalArgs>
<arg>samplesfortypes</arg>
</optionalArgs>
</module>
<module>
<name>hostGetter</name>
<requiredArgs>
<arg>hosts</arg>
</requiredArgs>
</module>
<module>
<name>sourceTypeGetter</name>
<requiredArgs>
<arg>sourcetypes</arg>
</requiredArgs>
</module>
<module>
<name>eventTagGetter</name>
<requiredArgs>
<arg>eventtags</arg>
</requiredArgs>
</module>
<module>
<name>hostTagGetter</name>
<requiredArgs>
<arg>hosttags</arg>
</requiredArgs>
</module>
<module>
<name>sourceTypeTagGetter</name>
<requiredArgs>
<arg>sourcetypetags</arg>
</requiredArgs>
</module>
<module>
<name>sourceGetter</name>
<requiredArgs>
<arg>sources</arg>
</requiredArgs>
</module>
<module>
<name>reportGetter</name>
<requiredArgs>
<arg>report</arg>
</requiredArgs>
</module>
<module>
<name>formatGetter</name>
<requiredArgs>
<arg>formats</arg>
</requiredArgs>
</module>
</modules>
</control>
<control>
<token>OUTPUT</token>
<modules>
<module>
<name>emailOut</name>
<requiredArgs>
<arg>email</arg>
</requiredArgs>
<optionalArgs>
<arg>format</arg>
</optionalArgs>
<requiredControls>
<token>GET</token>
</requiredControls>
</module>
<module>
<name>schedOut</name>
<requiredArgs>
<arg>scheduler</arg>
</requiredArgs>
<optionalArgs>
<arg>resolveids</arg>
</optionalArgs>
</module>
<module>
<name>schedOut</name>
<requiredArgs>
<arg>summary</arg>
</requiredArgs>
<optionalArgs>
<arg>resolveids</arg>
</optionalArgs>
</module>
<module>
<name>rssOut</name>
<requiredArgs>
<arg>rssfeed</arg>
</requiredArgs>
<requiredControls>
<token>GET</token>
</requiredControls>
</module>
<module>
<name>splunkUIOut</name>
<requiredArgs>
<arg>splunkui</arg>
</requiredArgs>
<optionalArgs>
<arg>format</arg>
<arg>idcount</arg>
<arg>maxlines</arg>
<arg>timeformat</arg>
</optionalArgs>
<requiredControls>
<token>GET</token>
</requiredControls>
</module>
<module>
<name>exportOut</name>
<requiredArgs>
<arg>exportto</arg>
</requiredArgs>
<optionalArgs>
<arg>format</arg>
</optionalArgs>
<requiredControls>
<token>GET</token>
</requiredControls>
</module>
<module>
<name>raweventsOut</name>
<requiredArgs>
<arg>rawevents</arg>
</requiredArgs>
<requiredControls>
<token>GET</token>
</requiredControls>
</module>
<module>
<name>magicgraph</name>
<requiredArgs>
<arg>magicgraph</arg>
</requiredArgs>
<requiredControls>
<token>GET</token>
</requiredControls>
</module>
</modules>
</control>
</controls>
<!--
Examples :
Running a normal splunk ui query
SEARCH get NOT post NOT( eventtype::error OR connected::foo:1:123544 ) count::100000 domain::splunkdb1
GET events::0-20 types::all sourcetypes::all timebuckets::all
OUTPUT splunkui::ajax format::heavy
Running a query to email all the sources in the system to brian@splunk.com with html email format
GET sources::all
OUTPUT email::brian@splunk.com format::htmlmail
-->
</language>

24
splunk-launch.conf
Unescape View File

@ -0,0 +1,24 @@
# Version 9.0.0
# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/splunk-home
# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory. This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER
PYTHONHTTPSVERIFY=0
OPTIMISTIC_ABOUT_FILE_LOCKING=1

4
splunk.version
Unescape View File

@ -0,0 +1,4 @@
VERSION=9.1.0.2
BUILD=b6436b649711
PRODUCT=splunk
PLATFORM=Linux-x86_64
Write Preview
Loading…
Cancel
Save