From a25d8fae8a59e70afaf19a00ed04b4cb0d8fc1df Mon Sep 17 00:00:00 2001
From: Splunk User <splunk@SVLCTPLOGSUP01.jpit.com>
Date: Thu, 27 Jul 2023 15:40:52 +0200
Subject: [PATCH] Initial commit with deployment server deployment apps and
 system local configs

---
 .ui_login                                     |   0
 datetime.xml                                  | 225 +++++++
 .../01-Conf_license_slave/default/app.conf    |  11 +
 .../01-Conf_license_slave/default/server.conf |   9 +
 .../01-Conf_license_slave/local/app.conf      |   1 +
 .../01-idx_kvstore_base/default/app.conf      |  11 +
 .../01-idx_kvstore_base/default/server.conf   |   4 +
 .../01-idx_kvstore_base/local/app.conf        |   1 +
 .../01-idx_receiver_port/default/app.conf     |  11 +
 .../01-idx_receiver_port/default/inputs.conf  |   1 +
 .../01-idx_receiver_port/local/app.conf       |   1 +
 .../01-idx_volume_indexes/.DS_Store           | Bin 0 -> 6148 bytes
 .../01-idx_volume_indexes/default/app.conf    |  11 +
 .../default/indexes.conf                      |   7 +
 .../01-idx_volume_indexes/local/app.conf      |   1 +
 .../01-idx_volume_indexes/metadata/local.meta |   3 +
 deployment-apps/01-idx_web_base/.DS_Store     | Bin 0 -> 6148 bytes
 .../01-idx_web_base/default/app.conf          |  11 +
 .../01-idx_web_base/default/web.conf          |  12 +
 .../01-idx_web_base/local/app.conf            |   1 +
 deployment-apps/02-M-TIC_CM/local/app.conf    |  11 +
 .../02-M-TIC_CM/local/distsearch.conf         |  19 +
 .../default/app.conf                          |  11 +
 .../default/outputs.conf                      |  12 +
 .../local/app.conf                            |   1 +
 .../local/app.conf                            |   9 +
 .../local/inputs.conf                         |   4 +
 .../metadata/local.meta                       |   3 +
 .../local/app.conf                            |   9 +
 .../local/inputs.conf                         |   4 +
 .../metadata/local.meta                       |   3 +
 .../local/app.conf                            |   9 +
 .../local/outputs.conf                        |  12 +
 .../local/server.conf                         |   2 +
 .../default/app.conf                          |  11 +
 .../default/server.conf                       |   5 +
 .../local/app.conf                            |   1 +
 .../02-M-TIC_deployer_base/local/app.conf     |   9 +
 .../02-M-TIC_deployer_base/local/server.conf  |   3 +
 .../local/app.conf                            |   9 +
 .../local/inputs.conf                         |   4 +
 .../metadata/local.meta                       |   3 +
 .../local/app.conf                            |   9 +
 .../local/inputs.conf                         |   4 +
 .../metadata/local.meta                       |   3 +
 .../02-M-TIC_idx_cluster_base/.DS_Store       | Bin 0 -> 6148 bytes
 .../default/app.conf                          |  11 +
 .../default/fields.conf                       |   2 +
 .../default/server.conf                       |   6 +
 .../02-M-TIC_idx_cluster_base/local/app.conf  |   1 +
 .../default/app.conf                          |  11 +
 .../default/indexes.conf                      |  65 ++
 .../02-M-TIC_idx_indexes_base/local/app.conf  |   1 +
 .../local/app.conf                            |   9 +
 .../local/inputs.conf                         |   5 +
 .../metadata/local.meta                       |   3 +
 .../02-M-TIC_sh_cluster_base/default/app.conf |   9 +
 .../default/authorize.conf                    |   0
 .../default/fields.conf                       |   0
 .../default/server.conf                       |  17 +
 .../metadata/default.meta                     |   3 +
 .../default/app.conf                          |  11 +
 .../default/server.conf                       |   9 +
 .../local/app.conf                            |   1 +
 .../default/app.conf                          |   9 +
 .../default/indexes.conf                      |   6 +
 .../local/app.conf                            |   9 +
 .../local/inputs.conf                         |   7 +
 .../metadata/local.meta                       |   3 +
 deployment-apps/For_MC/local/distsearch.conf  |  30 +
 deployment-apps/For_MC/local/health.conf      |   1 +
 deployment-apps/README                        |   6 +
 .../splunk_monitoring_console_assets.conf     |   4 +
 searchLanguage.xml                            | 632 ++++++++++++++++++
 splunk-launch.conf                            |  25 +
 splunk.version                                |   4 +
 76 files changed, 1391 insertions(+)
 create mode 100644 .ui_login
 create mode 100644 datetime.xml
 create mode 100644 deployment-apps/01-Conf_license_slave/default/app.conf
 create mode 100644 deployment-apps/01-Conf_license_slave/default/server.conf
 create mode 100644 deployment-apps/01-Conf_license_slave/local/app.conf
 create mode 100644 deployment-apps/01-idx_kvstore_base/default/app.conf
 create mode 100644 deployment-apps/01-idx_kvstore_base/default/server.conf
 create mode 100644 deployment-apps/01-idx_kvstore_base/local/app.conf
 create mode 100644 deployment-apps/01-idx_receiver_port/default/app.conf
 create mode 100644 deployment-apps/01-idx_receiver_port/default/inputs.conf
 create mode 100644 deployment-apps/01-idx_receiver_port/local/app.conf
 create mode 100644 deployment-apps/01-idx_volume_indexes/.DS_Store
 create mode 100644 deployment-apps/01-idx_volume_indexes/default/app.conf
 create mode 100644 deployment-apps/01-idx_volume_indexes/default/indexes.conf
 create mode 100644 deployment-apps/01-idx_volume_indexes/local/app.conf
 create mode 100644 deployment-apps/01-idx_volume_indexes/metadata/local.meta
 create mode 100644 deployment-apps/01-idx_web_base/.DS_Store
 create mode 100644 deployment-apps/01-idx_web_base/default/app.conf
 create mode 100644 deployment-apps/01-idx_web_base/default/web.conf
 create mode 100644 deployment-apps/01-idx_web_base/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_CM/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_CM/local/distsearch.conf
 create mode 100644 deployment-apps/02-M-TIC_all_forwarding_outputs/default/app.conf
 create mode 100644 deployment-apps/02-M-TIC_all_forwarding_outputs/default/outputs.conf
 create mode 100644 deployment-apps/02-M-TIC_all_forwarding_outputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf
 create mode 100644 deployment-apps/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta
 create mode 100644 deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf
 create mode 100644 deployment-apps/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta
 create mode 100644 deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf
 create mode 100644 deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/server.conf
 create mode 100644 deployment-apps/02-M-TIC_cluster_master_base/default/app.conf
 create mode 100644 deployment-apps/02-M-TIC_cluster_master_base/default/server.conf
 create mode 100644 deployment-apps/02-M-TIC_cluster_master_base/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_deployer_base/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_deployer_base/local/server.conf
 create mode 100644 deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf
 create mode 100644 deployment-apps/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta
 create mode 100644 deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf
 create mode 100644 deployment-apps/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta
 create mode 100644 deployment-apps/02-M-TIC_idx_cluster_base/.DS_Store
 create mode 100644 deployment-apps/02-M-TIC_idx_cluster_base/default/app.conf
 create mode 100644 deployment-apps/02-M-TIC_idx_cluster_base/default/fields.conf
 create mode 100644 deployment-apps/02-M-TIC_idx_cluster_base/default/server.conf
 create mode 100644 deployment-apps/02-M-TIC_idx_cluster_base/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_idx_indexes_base/default/app.conf
 create mode 100644 deployment-apps/02-M-TIC_idx_indexes_base/default/indexes.conf
 create mode 100644 deployment-apps/02-M-TIC_idx_indexes_base/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_linux_forwarders_inputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_linux_forwarders_inputs/local/inputs.conf
 create mode 100644 deployment-apps/02-M-TIC_linux_forwarders_inputs/metadata/local.meta
 create mode 100644 deployment-apps/02-M-TIC_sh_cluster_base/default/app.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_cluster_base/default/authorize.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_cluster_base/default/fields.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_cluster_base/default/server.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_cluster_base/metadata/default.meta
 create mode 100644 deployment-apps/02-M-TIC_sh_idxcluster_base/default/app.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_idxcluster_base/default/server.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_idxcluster_base/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_volume_indexes/default/app.conf
 create mode 100644 deployment-apps/02-M-TIC_sh_volume_indexes/default/indexes.conf
 create mode 100644 deployment-apps/02-M-TIC_windows_forwarders_inputs/local/app.conf
 create mode 100644 deployment-apps/02-M-TIC_windows_forwarders_inputs/local/inputs.conf
 create mode 100644 deployment-apps/02-M-TIC_windows_forwarders_inputs/metadata/local.meta
 create mode 100644 deployment-apps/For_MC/local/distsearch.conf
 create mode 100644 deployment-apps/For_MC/local/health.conf
 create mode 100644 deployment-apps/README
 create mode 100644 deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
 create mode 100644 searchLanguage.xml
 create mode 100644 splunk-launch.conf
 create mode 100644 splunk.version

diff --git a/.ui_login b/.ui_login
new file mode 100644
index 0000000..e69de29
diff --git a/datetime.xml b/datetime.xml
new file mode 100644
index 0000000..dbc902a
--- /dev/null
+++ b/datetime.xml
@@ -0,0 +1,225 @@
+<!--   Version 5.0 -->
+
+<!-- datetime.xml -->
+<!-- This file contains the general formulas for parsing date/time formats. -->
+
+<datetime>
+
+<define name="_year" extract="year">
+	<text><![CDATA[(20\d\d|19\d\d|[9012]\d(?!\d))]]></text>
+</define>
+
+<define name="_month" extract="month">
+	<text><![CDATA[(0?[1-9]|1[012])(?!:)]]></text>
+</define>
+
+<define name="_litmonth"  extract="litmonth">
+	 <text><![CDATA[(?<![\d\w])(jan|\x{4E00}\x{6708}|feb|\x{4E8C}\x{6708}|mar|\x{4E09}\x{6708}|apr|\x{56DB}\x{6708}|may|\x{4E94}\x{6708}|jun|\x{516D}\x{6708}|jul|\x{4E03}\x{6708}|aug|\x{516B}\x{6708}|sep|\x{4E5D}\x{6708}|oct|\x{5341}\x{6708}|nov|\x{5341}\x{4E00}\x{6708}|dec|\x{5341}\x{4E8C}\x{6708})[a-z,\.;]*]]></text>
+</define>
+
+<define name="_allmonth" extract="litmonth, month">
+	<text><![CDATA[(?:]]></text>
+        <use name="_litmonth"/>
+	<text><![CDATA[|]]></text>
+        <use name="_month"/>
+	<text><![CDATA[)]]></text>
+</define>
+
+<define name="_day"  extract="day">
+	<text><![CDATA[(0?[1-9]|[12]\d|3[01])]]></text> 
+</define>
+
+<define name="_usday" extract="day">
+	<use name="_day"/>
+	<text><![CDATA[(?:st|nd|rd|th|[,\.;])?]]></text>
+</define>
+
+<define name="_hour" extract="hour">
+	<text><![CDATA[([01]?[0-9]|[012][0-3])(?!\d)]]></text>
+</define>
+
+<define name="_minute" extract="minute">
+	<text><![CDATA[([0-6]\d)(?!\d)]]></text>
+</define>
+
+<define name="_second" extract="second">
+	<text><![CDATA[([0-6]\d)(?!\d)]]></text>
+</define>
+
+<define name="_zone" extract="zone">
+	 <text><![CDATA[((?:(?:UT|UTC|GMT(?![+-])|CET|CEST|CETDST|MET|MEST|METDST|MEZ|MESZ|EET|EEST|EETDST|WET|WEST|WETDST|MSK|MSD|IST|JST|KST|HKT|AST|ADT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|CAST|CADT|EAST|EADT|WAST|WADT|Z)|(?:GMT)?[+-]\d\d?:?(?:\d\d)?)(?!\w))?]]></text>
+</define>
+
+<define name="_ampm" extract="ampm">
+	<text><![CDATA[([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348})?]]></text>
+</define>
+
+<define name="_time" extract="hour, minute, second, subsecond, ampm, zone">
+	<text><![CDATA[(?<!\d)]]></text>
+        <use name="_hour"/>
+	<text><![CDATA[:]]></text>
+        <use name="_minute"/>
+	<text><![CDATA[:]]></text>
+        <use name="_second"/> 
+	<text><![CDATA[(?:(?: \d{4})?[:,\.](\d+))? {0,2}]]></text>
+        <use name="_ampm"/>
+	<text><![CDATA[ {0,2}]]></text>
+        <use name="_zone"/>
+	<text><![CDATA[(?!:\d)]]></text>
+</define>
+
+<define name="_hmtime" extract="hour, minute, ampm">
+	<text><![CDATA[(?<!\d)]]></text>
+        <use name="_hour"/>
+	<text><![CDATA[:]]></text>
+        <use name="_minute"/>
+	<text><![CDATA[(?: ([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348}))?(?!:[:\d])]]></text>
+</define>
+
+
+<define name="_dottime" extract="hour, minute, second, subsecond, zone">
+	<text><![CDATA[(?<![\d\.])([01]\d|2[0-3])\.]]></text>
+        <use name="_minute"/>
+	<text><![CDATA[(?:\.?]]></text>
+        <use name="_second"/>
+	<text><![CDATA[(?:[:,]\d+)?(?:\.(\d\d\d\d+))?) {0,2}]]></text>
+        <use name="_zone"/>
+	<text><![CDATA[(?![0-9\.])]]></text>
+</define>
+
+<define name="_combdatetime" extract="year, month, day, hour, minute, second, subsecond">
+        <!-- ... 20060502-000002 GMT ... -->
+	<text><![CDATA[(?<![\d\.])(20\d\d)(0\d|1[012])([012]\d|3[01])[.-]?([01]\d|2[0123])([0-6]\d)([0-6]\d)(?:\.?(\d+))?]]>\s*</text>
+        <use name="_zone"/> 
+</define>
+
+<define name="_combdatetime2" extract="year, ignored_sep, month, day, hour, minute, second, zone">
+        <!-- ... 2007-3-22 0:0:2 GMT ...' -->
+        <!-- ... 2007/3/22 0:0:2 GMT ...' -->
+        <text><![CDATA[(?<![\d\.])(20\d\d)([-/])([01]?\d)\2([012]?\d|3[01])\s+([012]?\d):([0-6]?\d):([0-6]?\d)]]>\s*</text>
+        <use name="_zone"/> 
+</define>
+
+
+
+<define name="_usdate" extract="litmonth, month, ignored_sep, day, zone, ignored_sep2, year">
+	 <text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
+	 <use name="_allmonth"/> 
+         <text><![CDATA[([/\- ]) {0,2}]]></text>
+         <use name="_day"/>
+         <text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
+	 <use name="_zone"/>
+         <text><![CDATA[)?((?:\3|,) {0,2}]]></text>
+         <use name="_year"/> 
+         <text><![CDATA[)?(?!/|\w|\.\d)]]></text>
+</define>
+
+<!-- Jan 21, 09.  allows spaces with litmonth only -->
+<define name="_usdate1" extract="litmonth, ignored_sep, day, zone, ignored_sep2, year">
+	 <text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
+	 <use name="_litmonth"/> 
+         <text><![CDATA[([/\- ]) {0,2}]]></text>
+         <use name="_day"/>
+         <text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
+	 <use name="_zone"/>
+         <text><![CDATA[)?((?:\2|,) {0,2}]]></text>
+         <use name="_year"/> 
+         <text><![CDATA[)?(?!/|\w|\.\d)]]></text>
+</define>
+
+<!-- 10/21/09. doesn't allow spaces (e.g. 10 21 09) with numeric month -->
+<define name="_usdate2" extract="month, ignored_sep, day, zone, ignored_sep2, year">
+	 <text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
+	 <use name="_month"/> 
+         <text><![CDATA[([/\-])]]></text>
+         <use name="_day"/>
+         <text><![CDATA[(?!:)(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
+	 <use name="_zone"/>
+         <text><![CDATA[)?((?:\2)]]></text>
+         <use name="_year"/> 
+         <text><![CDATA[)?(?!/|\w|\.\d)]]></text>
+</define>
+
+
+<define name="_isodate" extract="year, ignored_sep, litmonth, month, day">
+        <text><![CDATA[(?<![\w\d])]]></text>
+        <use name="_year"/>
+	<text><![CDATA[([\./\- ])]]></text>
+        <use name="_allmonth"/>
+	<text><![CDATA[(?!\d)(?:[\./\- ] {0,2})?]]></text>
+        <use name="_day"/>
+        <text><![CDATA[(?!/)(?:(?=T)|(?!\w)(?!\.\d))]]></text>
+</define>
+
+<!-- eurodate format.  period/dot delim separated out to eurodate2 -->
+<define name="_eurodate1" extract="day, ignored_sep, litmonth, month, year">
+        <text><![CDATA[(?<![\w\.])]]></text>
+        <use name="_usday"/> 
+	<text><![CDATA[([\- /]) {0,2}]]></text>
+        <use name="_allmonth"/>
+        <text><![CDATA[\2 {0,2}]]></text>
+        <use name="_year"/>
+        <text><![CDATA[(?![\w\.])]]></text>
+</define>
+
+<!-- just period/dot delimiter.  do not allow any spaces after dots (e.g. "version 5.4. 10" -->
+<define name="_eurodate2" extract="day, litmonth, month, year">
+        <text><![CDATA[(?<![\w\.])]]></text>
+        <use name="_usday"/> 
+	<text><![CDATA[\.]]></text>
+        <use name="_allmonth"/>
+        <text><![CDATA[\.]]></text>
+        <use name="_year"/>
+        <text><![CDATA[(?![\w\.])]]></text>
+</define>
+
+
+<define name="_bareurlitdate" extract="day, litmonth, year">
+	<text><![CDATA[(\d\d?)\|\|(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\|\|(20\d\d)]]></text>
+</define>
+
+<define name="_orddate" extract="year, ord">
+	<text><![CDATA[\s([01]\d)([0123]\d\d)\s]]></text>
+</define>
+
+<!-- due to high number of false positive matches, this format is
+     limited to special cases.  either at the start of a line or in
+     filename matches only, by prefixing with a "source::" -->
+
+<!-- don't allow multiple spaces after mashed date.  indicates number in column -->
+<define name="_masheddate" extract="year, month, day">
+	<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.|-)(?:20)?([9012]\d)(0\d|1[012])([012]\d|3[01])(?!\d|-| {2,})]]></text>
+</define>
+<define name="_masheddate2" extract="month, day, year">
+	<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.)(0\d|1[012])([012]\d|3[01])(?:20)?([9012]\d)(?!\d| {2,})]]></text>
+</define>
+
+<define name="_utcepoch" extract="utcepoch, subsecond">
+        <!-- update regex before '2030' -->
+	<text><![CDATA[((?<=^|[\s#,"=\(\[\|\{])(?:1[012345678])\d{8}|^@[\da-fA-F]{16,24})(?:\.?(\d{1,6}))?(?![\d\(])]]></text>
+</define>
+
+<timePatterns>
+      <use name="_time"/>
+      <use name="_hmtime"/>
+      <use name="_hmtime"/>
+      <use name="_dottime"/>
+      <use name="_combdatetime"/>
+      <use name="_utcepoch"/>
+      <use name="_combdatetime2"/>
+</timePatterns>
+<datePatterns>
+      <use name="_usdate1"/> 
+      <use name="_usdate2"/> 
+      <use name="_isodate"/>
+      <use name="_eurodate1"/> 
+      <use name="_eurodate2"/> 
+      <use name="_bareurlitdate"/> 
+      <use name="_orddate"/>
+      <use name="_combdatetime"/>
+      <use name="_masheddate"/>
+      <use name="_masheddate2"/>
+      <use name="_combdatetime2"/>
+</datePatterns>
+
+</datetime>
diff --git a/deployment-apps/01-Conf_license_slave/default/app.conf b/deployment-apps/01-Conf_license_slave/default/app.conf
new file mode 100644
index 0000000..149b00b
--- /dev/null
+++ b/deployment-apps/01-Conf_license_slave/default/app.conf
@@ -0,0 +1,11 @@
+        [launcher]
+        version = 1.0.0
+        author =  VABOS
+        description = Configure instance as License Slave
+
+        [package]
+        id = Conf_license_slave
+
+
+        [ui]
+        is_visible = false
\ No newline at end of file
diff --git a/deployment-apps/01-Conf_license_slave/default/server.conf b/deployment-apps/01-Conf_license_slave/default/server.conf
new file mode 100644
index 0000000..8bc53ae
--- /dev/null
+++ b/deployment-apps/01-Conf_license_slave/default/server.conf
@@ -0,0 +1,9 @@
+        # In distributed environments, it's common to have a lone search head acting
+        # as the license master as well. In this configuration, providing the URI
+        # of the license master is easiest within the indexer_base configuration.
+        # In the event that there are multiple search heads, you could instead use
+        # the org_all_license app, shipped to the non-license SH, as well as all of
+        # the indexers. In either event, the settings are the same.
+
+        [license]
+        master_uri = https://SVLCTPLOGLMR.jpit.com:8089
\ No newline at end of file
diff --git a/deployment-apps/01-Conf_license_slave/local/app.conf b/deployment-apps/01-Conf_license_slave/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/01-Conf_license_slave/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_kvstore_base/default/app.conf b/deployment-apps/01-idx_kvstore_base/default/app.conf
new file mode 100644
index 0000000..693301d
--- /dev/null
+++ b/deployment-apps/01-idx_kvstore_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Disable Kvstore on Indexers
+
+[package]
+id = edf_idx_kvstore_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/01-idx_kvstore_base/default/server.conf b/deployment-apps/01-idx_kvstore_base/default/server.conf
new file mode 100644
index 0000000..f4cf81b
--- /dev/null
+++ b/deployment-apps/01-idx_kvstore_base/default/server.conf
@@ -0,0 +1,4 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+[kvstore]
+disabled = true
diff --git a/deployment-apps/01-idx_kvstore_base/local/app.conf b/deployment-apps/01-idx_kvstore_base/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/01-idx_kvstore_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_receiver_port/default/app.conf b/deployment-apps/01-idx_receiver_port/default/app.conf
new file mode 100644
index 0000000..c02c82c
--- /dev/null
+++ b/deployment-apps/01-idx_receiver_port/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Enable receiving on Indexer layer
+
+[package]
+id = edf_idx_receiver_port
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/01-idx_receiver_port/default/inputs.conf b/deployment-apps/01-idx_receiver_port/default/inputs.conf
new file mode 100644
index 0000000..f9562b9
--- /dev/null
+++ b/deployment-apps/01-idx_receiver_port/default/inputs.conf
@@ -0,0 +1 @@
+[splunktcp://9997]
diff --git a/deployment-apps/01-idx_receiver_port/local/app.conf b/deployment-apps/01-idx_receiver_port/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/01-idx_receiver_port/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_volume_indexes/.DS_Store b/deployment-apps/01-idx_volume_indexes/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..028aabb758628f55ccd3ee57f0c97e806229edba
GIT binary patch
literal 6148
zcmeHKyH3ME5S)b|EYYN-ykFoCtSEc|KLEr~8Mz?o-SOMZK0rneEd`pD_Qsjpxs#{x
zW&zmlG~5AO03Fj2AHJ-^_dQo}QOqUL;*1kU9EbPA_&lwu&l9e_#()>R;t31=G`ir5
z2TnL}Ys_Pl?(jy%k@UbME;r9#BvuZ{0XZNC<bWIq2iUVcx|>9;azGBqfo})=`_Pz<
zec_xKpAIfD0uVQ(BlsM%1hF|m><i~aG7L*8F{M@`hNYZ*tGd2$PE0whh7YTottJ$U
z+j)MAa#)|JRSw93pAPu!&DeVXzi0k3|9g!>4#<Ij>VR$b5BnWou6pb0HNDq1<|Fef
pSR3VBq7@UP74wI;;@d@C^Jnh&g>z!a$%mY%KLYNHLJs_e1D{xlAld)`

literal 0
HcmV?d00001

diff --git a/deployment-apps/01-idx_volume_indexes/default/app.conf b/deployment-apps/01-idx_volume_indexes/default/app.conf
new file mode 100644
index 0000000..538800e
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/default/app.conf
@@ -0,0 +1,11 @@
+
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Contient la configuration des volumes de données
+
+[package]
+id = edf_idx_volume_indexes
+
+[ui]
+is_visible = false
\ No newline at end of file
diff --git a/deployment-apps/01-idx_volume_indexes/default/indexes.conf b/deployment-apps/01-idx_volume_indexes/default/indexes.conf
new file mode 100644
index 0000000..840aac3
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/default/indexes.conf
@@ -0,0 +1,7 @@
+[volume:primary]
+path = /data/splunk_data
+maxVolumeDataSizeMB = 60000
+
+[volume:secondary]
+path = /data_cold/splunk_data
+maxVolumeDataSizeMB = 240000
diff --git a/deployment-apps/01-idx_volume_indexes/local/app.conf b/deployment-apps/01-idx_volume_indexes/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_volume_indexes/metadata/local.meta b/deployment-apps/01-idx_volume_indexes/metadata/local.meta
new file mode 100644
index 0000000..d827768
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/01-idx_web_base/.DS_Store b/deployment-apps/01-idx_web_base/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..0f328807bfbfaa6628ff7fa508af1395b03e545c
GIT binary patch
literal 6148
zcmeHKJ5EC}5S)cbM50NV(pTUHRuoRa1^7Iuo|FR8zlw9^Xv}^Jq6b}4B$}1hW3P8?
zd5X7h0oZ0gJOC>IOS&VzeVCi?yU*;VB1WY1j6Ftt4WDo0>u#3)cfh%K81Rk{y!__x
zM&FW20VyB_q<|EV0w-3W3heU!#OLZbDIf(dUjhF<G`eFioD$>H!68}z;)3BY&ZCzg
zHV+Vc;grY-&5}w?s#S|&NoTxOUN4*ylMbuq!|G<M4#nbjp5G!J))O^K0V!~-z-=y9
zUjHBI|MdUIB(0=?6u2q{Y_WaXZuq3Ct+U5@t!?yYy5}6|Zkz{&LzH7;lw&Tu9IqoO
a^P11O-wUV2pfetHqJ9Qk7nu||w*o)$Z55dS

literal 0
HcmV?d00001

diff --git a/deployment-apps/01-idx_web_base/default/app.conf b/deployment-apps/01-idx_web_base/default/app.conf
new file mode 100644
index 0000000..184f4ca
--- /dev/null
+++ b/deployment-apps/01-idx_web_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = Mattys Hervé (OBS)
+description = Disable Web access on Indexers
+
+[package]
+id = odin_idx_web_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/01-idx_web_base/default/web.conf b/deployment-apps/01-idx_web_base/default/web.conf
new file mode 100644
index 0000000..ccb5abc
--- /dev/null
+++ b/deployment-apps/01-idx_web_base/default/web.conf
@@ -0,0 +1,12 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+ startwebserver = 0
+
+# avoid timeout when indexer loaded 
+splunkdConnectionTimeout = 120
+
+
diff --git a/deployment-apps/01-idx_web_base/local/app.conf b/deployment-apps/01-idx_web_base/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/01-idx_web_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_CM/local/app.conf b/deployment-apps/02-M-TIC_CM/local/app.conf
new file mode 100644
index 0000000..7ed6d3d
--- /dev/null
+++ b/deployment-apps/02-M-TIC_CM/local/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+author =  VABOS
+description = Configure Distributed Search for Monitoring Console
+version = 1.0
+
+[package]
+id = MAQ_M-TIC_DSMC
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/02-M-TIC_CM/local/distsearch.conf b/deployment-apps/02-M-TIC_CM/local/distsearch.conf
new file mode 100644
index 0000000..6eddce7
--- /dev/null
+++ b/deployment-apps/02-M-TIC_CM/local/distsearch.conf
@@ -0,0 +1,19 @@
+[distributedSearch:dmc_group_search_head]
+servers = localhost:localhost
+[distributedSearch:dmc_group_cluster_master]
+
+
+[distributedSearch:dmc_group_license_master]
+
+[distributedSearch:dmc_group_deployment_server]
+
+[distributedSearch:dmc_group_indexer]
+default = false
+servers = SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+
+[distributedSearch:dmc_group_kv_store]
+
+[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
+servers = localhost:localhost,SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089
diff --git a/deployment-apps/02-M-TIC_all_forwarding_outputs/default/app.conf b/deployment-apps/02-M-TIC_all_forwarding_outputs/default/app.conf
new file mode 100644
index 0000000..ff2b941
--- /dev/null
+++ b/deployment-apps/02-M-TIC_all_forwarding_outputs/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0
+author =  VABOS
+description = Enable forwarding to Indexer layer
+
+[package]
+id = m-tic_all_forwarding_outputs
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/02-M-TIC_all_forwarding_outputs/default/outputs.conf b/deployment-apps/02-M-TIC_all_forwarding_outputs/default/outputs.conf
new file mode 100644
index 0000000..2bd409d
--- /dev/null
+++ b/deployment-apps/02-M-TIC_all_forwarding_outputs/default/outputs.conf
@@ -0,0 +1,12 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = m-tic_indexer
+maxQueueSize = 7MB
+useACK = true
+forceTimebasedAutoLB = true
+
+[tcpout:m-tic_indexer]
+server =  SVLCTPLOGIDX01.jpit.com:9997, SVLCTPLOGIDX02.jpit.com:9997
+~
diff --git a/deployment-apps/02-M-TIC_all_forwarding_outputs/local/app.conf b/deployment-apps/02-M-TIC_all_forwarding_outputs/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/02-M-TIC_all_forwarding_outputs/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/app.conf b/deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/app.conf
new file mode 100644
index 0000000..771fc72
--- /dev/null
+++ b/deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf b/deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf
new file mode 100644
index 0000000..42ce7ae
--- /dev/null
+++ b/deployment-apps/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/catchother/*/*/*.log]
+disabled = false
+index = idx_m-tic_catchall
+sourcetype = catchall
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta b/deployment-apps/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta
new file mode 100644
index 0000000..04740cf
--- /dev/null
+++ b/deployment-apps/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/app.conf b/deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/app.conf
new file mode 100644
index 0000000..771fc72
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf b/deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf
new file mode 100644
index 0000000..d205169
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/cisco/.../*.log]
+disabled = false
+index = idx_m-tic_cisco
+sourcetype = cisco
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta b/deployment-apps/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta
new file mode 100644
index 0000000..04740cf
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/app.conf b/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/app.conf
new file mode 100644
index 0000000..658f61e
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf b/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf
new file mode 100644
index 0000000..32aa73f
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf
@@ -0,0 +1,12 @@
+[tcpout]
+defautlGroup = primary_indexers
+maxQueuSize = 100MB
+useACK = true
+forceTimebaseAutoLB = true
+forwardedindex.2.whitelist = (_audit|_introspection|_internal)
+
+[tcpout:primary_indexers]
+server = SVLCTPLOGIDX01.jpit.com:9997, SVLCTPLOGIDX02.jpit.com:9997
+
+#clientCert = $SPLUNK_HOME/etc/auth/server.pem
+#sslPassword = 
diff --git a/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/server.conf b/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/server.conf
new file mode 100644
index 0000000..e05e21c
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cluster_forwarder_outputs/local/server.conf
@@ -0,0 +1,2 @@
+[sslConfig]
+sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_cluster_master_base/default/app.conf b/deployment-apps/02-M-TIC_cluster_master_base/default/app.conf
new file mode 100644
index 0000000..1c4bb3d
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cluster_master_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure Cluster Master
+
+[package]
+id = M-TIC_cluster_master_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/02-M-TIC_cluster_master_base/default/server.conf b/deployment-apps/02-M-TIC_cluster_master_base/default/server.conf
new file mode 100644
index 0000000..4ea84ee
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cluster_master_base/default/server.conf
@@ -0,0 +1,5 @@
+[clustering]
+cluster_label = Cluster_M-TIC
+mode = master
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+replication_factor = 2
diff --git a/deployment-apps/02-M-TIC_cluster_master_base/local/app.conf b/deployment-apps/02-M-TIC_cluster_master_base/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/02-M-TIC_cluster_master_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_deployer_base/local/app.conf b/deployment-apps/02-M-TIC_deployer_base/local/app.conf
new file mode 100644
index 0000000..658f61e
--- /dev/null
+++ b/deployment-apps/02-M-TIC_deployer_base/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_deployer_base/local/server.conf b/deployment-apps/02-M-TIC_deployer_base/local/server.conf
new file mode 100644
index 0000000..a0cfec9
--- /dev/null
+++ b/deployment-apps/02-M-TIC_deployer_base/local/server.conf
@@ -0,0 +1,3 @@
+[shclustering]
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+shcluster_label = M-TIC_shcluster
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/app.conf b/deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/app.conf
new file mode 100644
index 0000000..771fc72
--- /dev/null
+++ b/deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf b/deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf
new file mode 100644
index 0000000..d108a5d
--- /dev/null
+++ b/deployment-apps/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/esxi/*/*/*.log]
+disabled = false
+index = idx_m-tic_esxi
+sourcetype = esxi
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta b/deployment-apps/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta
new file mode 100644
index 0000000..04740cf
--- /dev/null
+++ b/deployment-apps/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/app.conf b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/app.conf
new file mode 100644
index 0000000..771fc72
--- /dev/null
+++ b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf
new file mode 100644
index 0000000..a94ccf2
--- /dev/null
+++ b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/fortigate/*/*/*.log]
+disabled = false
+index = idx_m-tic_fortigate
+sourcetype = fortigate
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta
new file mode 100644
index 0000000..04740cf
--- /dev/null
+++ b/deployment-apps/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/02-M-TIC_idx_cluster_base/.DS_Store b/deployment-apps/02-M-TIC_idx_cluster_base/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..0f328807bfbfaa6628ff7fa508af1395b03e545c
GIT binary patch
literal 6148
zcmeHKJ5EC}5S)cbM50NV(pTUHRuoRa1^7Iuo|FR8zlw9^Xv}^Jq6b}4B$}1hW3P8?
zd5X7h0oZ0gJOC>IOS&VzeVCi?yU*;VB1WY1j6Ftt4WDo0>u#3)cfh%K81Rk{y!__x
zM&FW20VyB_q<|EV0w-3W3heU!#OLZbDIf(dUjhF<G`eFioD$>H!68}z;)3BY&ZCzg
zHV+Vc;grY-&5}w?s#S|&NoTxOUN4*ylMbuq!|G<M4#nbjp5G!J))O^K0V!~-z-=y9
zUjHBI|MdUIB(0=?6u2q{Y_WaXZuq3Ct+U5@t!?yYy5}6|Zkz{&LzH7;lw&Tu9IqoO
a^P11O-wUV2pfetHqJ9Qk7nu||w*o)$Z55dS

literal 0
HcmV?d00001

diff --git a/deployment-apps/02-M-TIC_idx_cluster_base/default/app.conf b/deployment-apps/02-M-TIC_idx_cluster_base/default/app.conf
new file mode 100644
index 0000000..9cfba3a
--- /dev/null
+++ b/deployment-apps/02-M-TIC_idx_cluster_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure default clustering options on Indexers
+
+[package]
+id = M-TIC_idx_cluster_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/02-M-TIC_idx_cluster_base/default/fields.conf b/deployment-apps/02-M-TIC_idx_cluster_base/default/fields.conf
new file mode 100644
index 0000000..1b1a8f3
--- /dev/null
+++ b/deployment-apps/02-M-TIC_idx_cluster_base/default/fields.conf
@@ -0,0 +1,2 @@
+[edfZone]
+INDEXED = true
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_idx_cluster_base/default/server.conf b/deployment-apps/02-M-TIC_idx_cluster_base/default/server.conf
new file mode 100644
index 0000000..75f1439
--- /dev/null
+++ b/deployment-apps/02-M-TIC_idx_cluster_base/default/server.conf
@@ -0,0 +1,6 @@
+[replication_port://9100]
+
+[clustering]
+manager_uri = https://SVLCTPLOGCLM01.jpit.com:8089
+mode = peer
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
diff --git a/deployment-apps/02-M-TIC_idx_cluster_base/local/app.conf b/deployment-apps/02-M-TIC_idx_cluster_base/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/02-M-TIC_idx_cluster_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_idx_indexes_base/default/app.conf b/deployment-apps/02-M-TIC_idx_indexes_base/default/app.conf
new file mode 100644
index 0000000..b17b3c9
--- /dev/null
+++ b/deployment-apps/02-M-TIC_idx_indexes_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure default optimisation on Indexers
+
+[package]
+id = edf_idx_indexes_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/02-M-TIC_idx_indexes_base/default/indexes.conf b/deployment-apps/02-M-TIC_idx_indexes_base/default/indexes.conf
new file mode 100644
index 0000000..821331f
--- /dev/null
+++ b/deployment-apps/02-M-TIC_idx_indexes_base/default/indexes.conf
@@ -0,0 +1,65 @@
+[default]
+thawedPath = $SPLUNK_DB/$_index_name/thaweddb
+coldPath = volume:secondary/$_index_name/colddb
+homePath = volume:primary/$_index_name/db
+tstatsHomePath = volume:primary/$_index_name/datamodel_summary
+tsidxWritingLevel = 4
+journalCompression = zstd
+enableDataIntegrityControl = 0
+enableTsidxReduction = 0
+archiver.enableDataArchive = 0
+compressRawdata = 1
+enableOnlineBucketRepair = 1
+rtRouterQueueSize =
+rtRouterThreads =
+selfStorageThreads =
+suspendHotRollByDeleteQuery = 0
+syncMeta = 1
+maxTotalDataSizeMB = 5000
+
+[idx_m-tic_windows]
+
+[idx_m-tic_fortigate]
+
+[idx_m-tic_linux]
+
+[idx_m-tic_esxi]
+
+[vmware-esxilog]
+
+[vmware-perf-metrics]
+datatype = metric
+
+[vmware-inv]
+
+[vmware-taskevent]
+
+[vmware-vclog]
+
+[idx_m-tic_alcatel]
+
+[idx_m-tic_cisco]
+
+[idx_m-tic_switch]
+
+[idx_m-tic_catchall]
+
+[idx_m-tic_catchother]
+
+[idx_m-tic_other]
+
+[idx_m-tic_glpi]
+
+[idx_m-tic_glpi_vm]
+
+[idx_m-tic_glpi_kb]
+
+[idx_m-tic_glpi_sep]
+
+[idx_m-tic_glpi_obsolescence]
+
+[idx_m-tic_genetec_sc]
+
+[idx_ldap]
+
+[idx_m-tic_synology]
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_idx_indexes_base/local/app.conf b/deployment-apps/02-M-TIC_idx_indexes_base/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/02-M-TIC_idx_indexes_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_linux_forwarders_inputs/local/app.conf b/deployment-apps/02-M-TIC_linux_forwarders_inputs/local/app.conf
new file mode 100644
index 0000000..771fc72
--- /dev/null
+++ b/deployment-apps/02-M-TIC_linux_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/02-M-TIC_linux_forwarders_inputs/local/inputs.conf b/deployment-apps/02-M-TIC_linux_forwarders_inputs/local/inputs.conf
new file mode 100644
index 0000000..c179be9
--- /dev/null
+++ b/deployment-apps/02-M-TIC_linux_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,5 @@
+[monitor:///var/rsyslog/*/linux/.../*.log]
+disabled = 0
+host_segment = 6
+index = idx_m-tic_linux
+sourcetype = syslog_linux
diff --git a/deployment-apps/02-M-TIC_linux_forwarders_inputs/metadata/local.meta b/deployment-apps/02-M-TIC_linux_forwarders_inputs/metadata/local.meta
new file mode 100644
index 0000000..04740cf
--- /dev/null
+++ b/deployment-apps/02-M-TIC_linux_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/02-M-TIC_sh_cluster_base/default/app.conf b/deployment-apps/02-M-TIC_sh_cluster_base/default/app.conf
new file mode 100644
index 0000000..b67d010
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_cluster_base/default/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_sh_cluster_base/default/authorize.conf b/deployment-apps/02-M-TIC_sh_cluster_base/default/authorize.conf
new file mode 100644
index 0000000..e69de29
diff --git a/deployment-apps/02-M-TIC_sh_cluster_base/default/fields.conf b/deployment-apps/02-M-TIC_sh_cluster_base/default/fields.conf
new file mode 100644
index 0000000..e69de29
diff --git a/deployment-apps/02-M-TIC_sh_cluster_base/default/server.conf b/deployment-apps/02-M-TIC_sh_cluster_base/default/server.conf
new file mode 100644
index 0000000..068d220
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_cluster_base/default/server.conf
@@ -0,0 +1,17 @@
+[clustering]
+mode = searchhead
+manager_uri = clustermanager:one
+
+[clustermanager:one]
+manager_uri = https://SVLCTPLOGCLM01.jpit.com:8089
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+multisite = false
+
+[shclustering]
+shcluster_label = M-TIC_shcluster
+conf_deploy_fetch_url = https://SVLCTPLOGSUP01.jpit.com:8089
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+
+[httpServer]
+maxThreads = 150000
+maxSockets = 250000
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_sh_cluster_base/metadata/default.meta b/deployment-apps/02-M-TIC_sh_cluster_base/metadata/default.meta
new file mode 100644
index 0000000..0e683b4
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_cluster_base/metadata/default.meta
@@ -0,0 +1,3 @@
+[]
+acces = read : [ * ], write : [ admin ]
+export = system
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_sh_idxcluster_base/default/app.conf b/deployment-apps/02-M-TIC_sh_idxcluster_base/default/app.conf
new file mode 100644
index 0000000..a662815
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_idxcluster_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure Search Head for IDX Clustering
+
+[package]
+id = M-TIN_sh_idxcluster_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/02-M-TIC_sh_idxcluster_base/default/server.conf b/deployment-apps/02-M-TIC_sh_idxcluster_base/default/server.conf
new file mode 100644
index 0000000..0046dcb
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_idxcluster_base/default/server.conf
@@ -0,0 +1,9 @@
+[general]
+site = site2
+
+[clustering]
+multisite = true
+master_uri = https://SVLCTPLOGCLM01.jpit.com:8089
+mode = searchhead
+pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza
+
diff --git a/deployment-apps/02-M-TIC_sh_idxcluster_base/local/app.conf b/deployment-apps/02-M-TIC_sh_idxcluster_base/local/app.conf
new file mode 100644
index 0000000..1173ea8
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_idxcluster_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_sh_volume_indexes/default/app.conf b/deployment-apps/02-M-TIC_sh_volume_indexes/default/app.conf
new file mode 100644
index 0000000..658f61e
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_volume_indexes/default/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_sh_volume_indexes/default/indexes.conf b/deployment-apps/02-M-TIC_sh_volume_indexes/default/indexes.conf
new file mode 100644
index 0000000..bc5dee3
--- /dev/null
+++ b/deployment-apps/02-M-TIC_sh_volume_indexes/default/indexes.conf
@@ -0,0 +1,6 @@
+# One Volume for Hot and Cold
+[volume:primary]
+path = /opt/splunk/var/lib/splunk
+
+[volume:secondary]
+path = /opt/splunk/var/lib/splunk
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_windows_forwarders_inputs/local/app.conf b/deployment-apps/02-M-TIC_windows_forwarders_inputs/local/app.conf
new file mode 100644
index 0000000..771fc72
--- /dev/null
+++ b/deployment-apps/02-M-TIC_windows_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/02-M-TIC_windows_forwarders_inputs/local/inputs.conf b/deployment-apps/02-M-TIC_windows_forwarders_inputs/local/inputs.conf
new file mode 100644
index 0000000..c3a0e72
--- /dev/null
+++ b/deployment-apps/02-M-TIC_windows_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,7 @@
+[WinEventLog]
+interval=60
+evt_resolve_ad_obj = 0
+evt_dc_name=
+evt_dns_name=
+index = idx_m-tic_windows
+sourcetype = events_windows
\ No newline at end of file
diff --git a/deployment-apps/02-M-TIC_windows_forwarders_inputs/metadata/local.meta b/deployment-apps/02-M-TIC_windows_forwarders_inputs/metadata/local.meta
new file mode 100644
index 0000000..04740cf
--- /dev/null
+++ b/deployment-apps/02-M-TIC_windows_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/For_MC/local/distsearch.conf b/deployment-apps/For_MC/local/distsearch.conf
new file mode 100644
index 0000000..833c571
--- /dev/null
+++ b/deployment-apps/For_MC/local/distsearch.conf
@@ -0,0 +1,30 @@
+[distributedSearch:dmc_group_cluster_master]
+servers = SVLCTPLOGCLM01.jpit.com:8089
+
+[distributedSearch:dmc_group_deployment_server]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_kv_store]
+servers = SVLCTPLOGCLM01.jpit.com:8089,SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089
+
+[distributedSearch:dmc_group_search_head]
+servers = SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:808
+
+[distributedSearch:dmc_group_indexer]
+default = true
+servers = SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+servers = localhost:localhost
+
+[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
+servers = SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089,SVLCTPLOGCLM01.jpit.com:8089,SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089
+
+[distributedSearch:dmc_group_license_master]
+servers = SVLCTPLOGLMR.jpit.com:8089
+
+[distributedSearch:dmc_searchheadclustergroup_M-TIC_shcluster]
+servers = localhost:localhost,SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089
+
+[distributedSearch]
+servers = https://SVLCTPLOGCLM01.jpit.com:8089,https://SVLCTPLOGLMR.jpit.com:8089,https://SVLCTPLOGPUB01.jpit.com:8089,https://SVLCTPLOGPUB02.jpit.com:8089
\ No newline at end of file
diff --git a/deployment-apps/For_MC/local/health.conf b/deployment-apps/For_MC/local/health.conf
new file mode 100644
index 0000000..aa3f329
--- /dev/null
+++ b/deployment-apps/For_MC/local/health.conf
@@ -0,0 +1 @@
+[distributed_health_reporter]
\ No newline at end of file
diff --git a/deployment-apps/README b/deployment-apps/README
new file mode 100644
index 0000000..ea6118b
--- /dev/null
+++ b/deployment-apps/README
@@ -0,0 +1,6 @@
+This directory is the default repository location for deployable apps in a deployment server 
+configuration.
+
+For details on configuring as a deployment server, see 
+$SPLUNK_HOME/etc/system/README/serverclass.conf.spec, serverclass.conf.example or the Admin manual 
+at http://docs.splunk.com/Documentation.
diff --git a/deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf b/deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
new file mode 100644
index 0000000..4595279
--- /dev/null
+++ b/deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
@@ -0,0 +1,4 @@
+[settings]
+mc_auto_config = enabled
+disabled = 0
+configuredPeers = SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089,SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089,SVLCTPLOGLMR.jpit.com:8089,SVLCTPLOGCLM01.jpit.com:8089
\ No newline at end of file
diff --git a/searchLanguage.xml b/searchLanguage.xml
new file mode 100644
index 0000000..5565264
--- /dev/null
+++ b/searchLanguage.xml
@@ -0,0 +1,632 @@
+<!--   Version 4.0 -->
+                                                                                                                                       
+
+<language>
+    <options>
+       <useAdvancedQuery>false</useAdvancedQuery>
+    </options>
+
+    <controls>
+        <control>
+            <token>SEARCH</token>
+                <modules>
+
+                    <module>
+                        <name>savedSplunkLoader</name>
+                        <requiredArgs>
+                            <arg>savedsplunk</arg>
+                        </requiredArgs>                        
+                    </module>
+
+                    <module>
+                        <name>savedSplunkLoader</name>
+                        <requiredArgs>
+                            <arg>savedsearch</arg>
+                        </requiredArgs>                        
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>startdaysago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <startdaysago>1</startdaysago>
+                        </defaults>
+                    </module>
+
+                    <module>
+		        <name>sortmeta</name>
+                        <requiredArgs>
+                            <arg>sort</arg> 
+                        </requiredArgs>
+                        <optionalArgs>
+                            <arg>order</arg>
+                        </optionalArgs>
+                    </module>
+
+                    <module>
+		        <name>lastby</name>
+                        <requiredArgs>
+                            <arg>lastby</arg> 
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+		        <name>readtimeout</name>
+                        <requiredArgs>
+                            <arg>readtimeout</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <readtimeout>5</readtimeout>
+                        </defaults>
+                    </module>
+
+                    <module>
+		        <name>queryid</name>
+                        <requiredArgs>
+                            <arg>queryid</arg> 
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>sortorder</name>
+                        <requiredArgs>
+                            <arg>!resultsetsortby</arg> 
+                        </requiredArgs>                      
+                    </module>
+
+                    <module>
+                        <name>readlevel</name>
+                        <requiredArgs>
+                            <arg>readlevel</arg> 
+                        </requiredArgs>                      
+                    </module>
+
+                    <module>
+                        <name>readlimit</name>
+                        <requiredArgs>
+                            <arg>readlimit</arg> 
+                        </requiredArgs>                      
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>startminutesago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <startminutesago>1</startminutesago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>starthoursago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <starthoursago>1</starthoursago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>startmonthsago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <startmonthsago>1</startmonthsago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>enddaysago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <enddaysago>1</enddaysago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endminutesago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <endminutesago>1</endminutesago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endhoursago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <endhoursago>1</endhoursago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endmonthsago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <endmonthsago>1</endmonthsago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespanhours</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespanhours>1</searchtimespanhours>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespanminutes</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespanminutes>1</searchtimespanminutes>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespandays</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespandays>1</searchtimespandays>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespanmonths</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespanmonths>1</searchtimespanmonths>
+                        </defaults>
+                    </module>
+
+
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>starttime</arg>
+                        </requiredArgs>
+                        <optionalArgs>
+                            <arg>timeformat</arg>
+                        </optionalArgs>
+                        <defaults>
+                            <starttime>12/31/1969:16:00:00</starttime>
+                            <timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endtime</arg>
+                        </requiredArgs>
+                        <optionalArgs>
+                            <arg>timeformat</arg>
+                        </optionalArgs>
+                        <defaults>
+                            <endtime>12/31/2022:16:00:00</endtime>
+                            <timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>starttimeu</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <starttimeu>0</starttimeu>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endtimeu</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <endtimeu>1672531200</endtimeu>
+                        </defaults>
+                    </module>
+
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>daysago</arg>
+                         </requiredArgs>
+                        <defaults>
+                            <daysago>1</daysago>
+                        </defaults>
+                    </module>
+
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                             <arg>minutesago</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <minutesago>1</minutesago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                             <arg>hoursago</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <hoursago>1</hoursago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>monthsago</arg>
+                         </requiredArgs>
+                        <defaults>
+                            <monthsago>1</monthsago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>maxtime</name>
+                        <requiredArgs>
+                            <arg>maxtime</arg>
+                         </requiredArgs>
+                        <defaults>
+                            <maxtime>60</maxtime>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>countSetter</name>
+                        <requiredArgs>
+                            <arg>maxevents</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <maxevents>typeahead_suppress</maxevents>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>eventtype</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>tag</arg>
+                        </requiredArgs>
+                    </module>
+
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>typetag</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>eventtypetag</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>hosttagResolver</name>
+                        <requiredArgs>
+                            <arg>hosttag</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>sourcetypeResolver</name>
+                        <requiredArgs>
+                            <arg>sourcetype</arg>
+                        </requiredArgs>
+                    </module>
+               
+                    <module>
+                        <name>domainFinder</name>
+                        <requiredArgs>
+                            <arg>index</arg>
+                        </requiredArgs>
+                    </module>
+
+
+                    <module>
+                        <name>connectedbytype</name>
+                        <requiredArgs>
+                            <arg>relatedbytype</arg>
+                        </requiredArgs>
+                        <optionalArgs>      
+                            <arg>minrelationbytype</arg>
+                        </optionalArgs>
+                    </module>
+
+                    <module>
+                        <name>historyuser</name>
+                        <requiredArgs>
+                           <arg>user</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                       <name>regexFilter</name>
+                        <requiredArgs>
+                           <arg>grep</arg>
+                        </requiredArgs>                       
+                    </module>
+
+
+                    <module>
+                        <name>debugCommand</name>
+                        <requiredArgs>
+                           <arg>!++cmd++</arg>
+                        </requiredArgs>
+                        <optionalArgs>      
+                            <arg>!++param1++</arg>
+                            <arg>!++param2++</arg>
+                        </optionalArgs>
+                   </module>
+
+               </modules>
+        </control>
+
+        <control>
+            <token>GET</token>
+            <modules>
+
+                <module>
+                    <name>eventGetter</name>
+                    <requiredArgs>
+                        <arg>events</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>summarize</arg>
+                    </optionalArgs>
+                    <requiredControls>
+                        <token>SEARCH</token>
+                    </requiredControls>
+                </module>
+
+                <module>
+                    <name>timebucketsGetter</name>
+                    <requiredArgs>
+                        <arg>timebuckets</arg>
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>SEARCH</token>
+                    </requiredControls>
+                </module>
+
+                <module>
+                    <name>reportGetter</name>
+                    <requiredArgs>
+                        <arg>report</arg>
+                    </requiredArgs>
+                </module>                
+
+                <module>
+                    <name>typeGetter</name>
+                    <requiredArgs>
+                        <arg>types</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>samplesfortypes</arg>
+                    </optionalArgs>
+                </module>
+
+                <module>
+                    <name>searchGetter</name>
+                    <requiredArgs>
+                        <arg>searches</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>samplesfortypes</arg>
+                    </optionalArgs>
+                </module>
+
+                <module>
+                    <name>hostGetter</name>
+                    <requiredArgs>
+                        <arg>hosts</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>sourceTypeGetter</name>
+                    <requiredArgs>
+                        <arg>sourcetypes</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>eventTagGetter</name>
+                    <requiredArgs>
+                        <arg>eventtags</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>hostTagGetter</name>
+                    <requiredArgs>
+                        <arg>hosttags</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>sourceTypeTagGetter</name>
+                    <requiredArgs>
+                        <arg>sourcetypetags</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>sourceGetter</name>
+                    <requiredArgs>
+                        <arg>sources</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>reportGetter</name>
+                    <requiredArgs>
+                        <arg>report</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>formatGetter</name>
+                    <requiredArgs>
+                        <arg>formats</arg>
+                    </requiredArgs>
+                </module>
+
+            </modules>
+        </control>
+
+        <control>
+            <token>OUTPUT</token>
+            <modules>
+    
+                <module>
+                    <name>emailOut</name>
+                    <requiredArgs>
+                        <arg>email</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>format</arg>
+                    </optionalArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+    
+
+                <module>
+                   <name>schedOut</name>
+                   <requiredArgs>
+                       <arg>scheduler</arg>
+                   </requiredArgs>
+                    <optionalArgs>
+                        <arg>resolveids</arg>
+                    </optionalArgs>
+                </module>
+                         
+                <module>
+                   <name>schedOut</name>
+                   <requiredArgs>
+                       <arg>summary</arg>
+                   </requiredArgs>
+                    <optionalArgs>
+                        <arg>resolveids</arg>
+                    </optionalArgs>
+                </module>     
+
+                <module>
+                    <name>rssOut</name>
+                    <requiredArgs>
+                        <arg>rssfeed</arg>                            
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+    
+                <module>
+                    <name>splunkUIOut</name>
+                    <requiredArgs>
+                        <arg>splunkui</arg>                            
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>format</arg>
+                        <arg>idcount</arg>
+                        <arg>maxlines</arg>
+                        <arg>timeformat</arg>
+                    </optionalArgs>                        
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+                  
+    
+                <module>
+                    <name>exportOut</name>
+                    <requiredArgs>
+                        <arg>exportto</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>format</arg>
+                    </optionalArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+
+                <module>
+                    <name>raweventsOut</name>
+                    <requiredArgs>
+                        <arg>rawevents</arg>
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+
+
+                <module>
+                    <name>magicgraph</name>
+                    <requiredArgs>
+                        <arg>magicgraph</arg>
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+            </modules>   
+        </control>
+    </controls>
+
+    <!--
+    Examples :
+
+    Running a normal splunk ui query
+        SEARCH get NOT post NOT( eventtype::error OR connected::foo:1:123544 ) count::100000 domain::splunkdb1 
+        GET events::0-20 types::all sourcetypes::all timebuckets::all 
+        OUTPUT splunkui::ajax format::heavy  
+
+    Running a query to email all the sources in the system to brian@splunk.com with html email format
+        GET sources::all 
+        OUTPUT email::brian@splunk.com format::htmlmail
+    -->
+</language>
diff --git a/splunk-launch.conf b/splunk-launch.conf
new file mode 100644
index 0000000..80a1c26
--- /dev/null
+++ b/splunk-launch.conf
@@ -0,0 +1,25 @@
+#   Version 9.1.0.1
+
+# Modify the following line to suit the location of your Splunk install.
+# If unset, Splunk will use the parent of the directory containing the splunk
+# CLI executable.
+#
+# SPLUNK_HOME=/home/build/build-home
+
+# By default, Splunk stores its indexes under SPLUNK_HOME in the
+# var/lib/splunk subdirectory.  This can be overridden
+# here:
+#
+# SPLUNK_DB=/home/build/build-home/var/lib/splunk
+# Splunkd daemon name
+SPLUNK_SERVER_NAME=Splunkd
+
+# If SPLUNK_OS_USER is set, then Splunk service will only start
+# if the 'splunk [re]start [splunkd]' command is invoked by a user who
+# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
+# (This setting can be specified as username or as UID.)
+#
+# SPLUNK_OS_USER
+PYTHONHTTPSVERIFY=0
+PYTHONUTF8=1
+OPTIMISTIC_ABOUT_FILE_LOCKING=1
diff --git a/splunk.version b/splunk.version
new file mode 100644
index 0000000..35f453e
--- /dev/null
+++ b/splunk.version
@@ -0,0 +1,4 @@
+VERSION=9.1.0.1
+BUILD=77f73c9edb85
+PRODUCT=splunk
+PLATFORM=Linux-x86_64